From a07c71654b1fcc29c0a6621845892555ac9f4da2 Mon Sep 17 00:00:00 2001 
From: Saurabh Date: Mon, 28 Aug 2017 14:50:50 +0530 Subject: [PATCH 01/20] create roles to install pre-requisites --- playbooks/develop/centos.yml | 26 +++- playbooks/develop/debian.yml | 136 +++--------------- playbooks/develop/includes/mariadb_centos.yml | 13 -- playbooks/develop/includes/mariadb_debian.yml | 27 ---- playbooks/develop/includes/mariadb_ubuntu.yml | 32 ----- playbooks/develop/includes/wkhtmltopdf.yml | 19 --- playbooks/develop/macosx.yml | 52 +++---- playbooks/develop/roles/mariadb/README.md | 64 +++++++++ .../develop/roles/mariadb/defaults/main.yml | 7 + .../develop/roles/mariadb/handlers/main.yml | 3 + playbooks/develop/roles/mariadb/meta/main.yml | 19 +++ .../develop/roles/mariadb/tasks/centos.yml | 12 ++ .../develop/roles/mariadb/tasks/debian.yml | 21 +++ .../develop/roles/mariadb/tasks/main.yml | 21 +++ .../tasks/mysql_secure_installation.yml | 64 +++++++++ .../develop/roles/mariadb/tasks/ubuntu.yml | 31 ++++ .../mariadb/templates/mariadb_centos.repo.j2 | 7 + .../mariadb/templates/mariadb_ubuntu.list.j2 | 4 + .../develop/roles/mariadb/templates/my.cnf.j2 | 3 + playbooks/develop/roles/mariadb/vars/main.yml | 6 + playbooks/develop/roles/nginx/.travis.yml | 35 +++++ playbooks/develop/roles/nginx/README.md | 82 +++++++++++ .../develop/roles/nginx/defaults/main.yml | 48 +++++++ .../develop/roles/nginx/handlers/main.yml | 3 + playbooks/develop/roles/nginx/meta/main.yml | 23 +++ playbooks/develop/roles/nginx/tasks/main.yml | 41 ++++++ .../roles/nginx/tasks/setup-Debian.yml | 6 + .../roles/nginx/tasks/setup-RedHat.yml | 11 ++ .../develop/roles/nginx/tasks/vhosts.yml | 22 +++ .../roles/nginx/templates/nginx.conf.j2 | 51 +++++++ .../roles/nginx/templates/nginx.repo.j2 | 5 + .../develop/roles/nginx/templates/vhosts.j2 | 24 ++++ playbooks/develop/roles/nginx/tests/inventory | 1 + playbooks/develop/roles/nginx/tests/test.yml | 5 + playbooks/develop/roles/nginx/vars/Debian.yml | 4 + playbooks/develop/roles/nginx/vars/RedHat.yml | 4 + 
playbooks/develop/roles/nodejs/tasks/main.yml | 38 +++++ .../roles/prerequisites/tasks/main.yml | 91 ++++++++++++ playbooks/develop/roles/psutil/tasks/main.yml | 3 + .../develop/roles/wkhtmltopdf/tasks/main.yml | 37 +++++ playbooks/develop/setup_essentials.yml | 48 +++++++ playbooks/develop/ubuntu.yml | 120 +++------------- vm/ansible/templates/mariadb_config.cnf | 1 + 43 files changed, 936 insertions(+), 334 deletions(-) delete mode 100644 playbooks/develop/includes/mariadb_centos.yml delete mode 100644 playbooks/develop/includes/mariadb_debian.yml delete mode 100644 playbooks/develop/includes/mariadb_ubuntu.yml delete mode 100644 playbooks/develop/includes/wkhtmltopdf.yml create mode 100644 playbooks/develop/roles/mariadb/README.md create mode 100644 playbooks/develop/roles/mariadb/defaults/main.yml create mode 100644 playbooks/develop/roles/mariadb/handlers/main.yml create mode 100644 playbooks/develop/roles/mariadb/meta/main.yml create mode 100644 playbooks/develop/roles/mariadb/tasks/centos.yml create mode 100644 playbooks/develop/roles/mariadb/tasks/debian.yml create mode 100644 playbooks/develop/roles/mariadb/tasks/main.yml create mode 100644 playbooks/develop/roles/mariadb/tasks/mysql_secure_installation.yml create mode 100644 playbooks/develop/roles/mariadb/tasks/ubuntu.yml create mode 100644 playbooks/develop/roles/mariadb/templates/mariadb_centos.repo.j2 create mode 100644 playbooks/develop/roles/mariadb/templates/mariadb_ubuntu.list.j2 create mode 100644 playbooks/develop/roles/mariadb/templates/my.cnf.j2 create mode 100644 playbooks/develop/roles/mariadb/vars/main.yml create mode 100644 playbooks/develop/roles/nginx/.travis.yml create mode 100644 playbooks/develop/roles/nginx/README.md create mode 100644 playbooks/develop/roles/nginx/defaults/main.yml create mode 100644 playbooks/develop/roles/nginx/handlers/main.yml create mode 100644 playbooks/develop/roles/nginx/meta/main.yml create mode 100644 playbooks/develop/roles/nginx/tasks/main.yml create 
mode 100644 playbooks/develop/roles/nginx/tasks/setup-Debian.yml create mode 100644 playbooks/develop/roles/nginx/tasks/setup-RedHat.yml create mode 100644 playbooks/develop/roles/nginx/tasks/vhosts.yml create mode 100644 playbooks/develop/roles/nginx/templates/nginx.conf.j2 create mode 100644 playbooks/develop/roles/nginx/templates/nginx.repo.j2 create mode 100644 playbooks/develop/roles/nginx/templates/vhosts.j2 create mode 100644 playbooks/develop/roles/nginx/tests/inventory create mode 100644 playbooks/develop/roles/nginx/tests/test.yml create mode 100644 playbooks/develop/roles/nginx/vars/Debian.yml create mode 100644 playbooks/develop/roles/nginx/vars/RedHat.yml create mode 100644 playbooks/develop/roles/nodejs/tasks/main.yml create mode 100644 playbooks/develop/roles/prerequisites/tasks/main.yml create mode 100644 playbooks/develop/roles/psutil/tasks/main.yml create mode 100644 playbooks/develop/roles/wkhtmltopdf/tasks/main.yml create mode 100644 playbooks/develop/setup_essentials.yml diff --git a/playbooks/develop/centos.yml b/playbooks/develop/centos.yml index 206f970f..840eaa6d 100755 --- a/playbooks/develop/centos.yml +++ b/playbooks/develop/centos.yml @@ -1,13 +1,26 @@ --- +- include: setup_essentials.yml + - hosts: localhost + become: yes + become_user: root vars: bench_repo_path: "/home/{{ ansible_user_id }}/.bench" bench_path: "/home/{{ ansible_user_id }}/frappe-bench" - mysql_config_template: "templates/simple_mariadb_config.cnf" - mysql_conf_dir: /etc/my.cnf.d/ - + mysql_conf_tpl: ../files/mariadb_config.cnf + mysql_secure_installation: True + roles: + - prerequisites + - mariadb + - wkhtmltopdf + - nodejs + - psutils tasks: + # setup frappe-bench + - include: includes/setup_bench.yml + when: not run_travis and not without_bench_setup +<<<<<<< 7a7c61105c87ac4cccea9c39c23691b0a61f9836 - name: development tools package yum: name="@Development tools" state=present become: yes 
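Review bot: The added line `<<<<<<< 7a7c61105c87ac4cccea9c39c23691b0a61f9836` at the end of the new `tasks:` section is an unresolved merge-conflict marker; the matching `=======` and `>>>>>>> create roles to install pre-requisites` lines are added by the second centos.yml hunk and again in debian.yml. With these markers committed the playbooks are not valid YAML, so the role-based setup, including the MariaDB hardening that `mysql_secure_installation: True` asks for, cannot run. The old inline tasks left as context between the markers (the hunk shows `development tools package` there) must be deliberately kept or removed when the conflict is resolved. The play continues outside this hunk.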
@@ -84,4 +97,9 @@ # setup development environment - include: includes/setup_dev_env.yml when: not run_travis and not production - \ No newline at end of file + +======= + # setup development environment + - include: includes/setup_dev_env.yml + when: not run_travis and not production +>>>>>>> create roles to install pre-requisites diff --git a/playbooks/develop/debian.yml b/playbooks/develop/debian.yml index d9869a71..15f9a6bf 100755 --- a/playbooks/develop/debian.yml +++ b/playbooks/develop/debian.yml 
@@ -1,127 +1,35 @@ --- +- include: setup_essentials.yml + - hosts: localhost + become: yes + become_user: root vars: bench_repo_path: "/home/{{ ansible_user_id }}/.bench" bench_path: "/home/{{ ansible_user_id }}/frappe-bench" - mysql_config_template: "templates/simple_mariadb_config.cnf" + mysql_conf_tpl: ../files/mariadb_config.cnf mysql_conf_dir: /etc/mysql/conf.d/ - + roles: + - prerequisites + - mariadb + - wkhtmltopdf + - nodejs + - psutils tasks: + - debug: + var: run_travis - - name: Add dotdeb apt repository key for Debian < 8 - apt_key: - url: http://www.dotdeb.org/dotdeb.gpg - state: present - become: yes - become_user: root - when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt') - - - name: Add dotdeb apt repository for redis-server for Debian < 8 - apt_repository: - repo: 'deb http://packages.dotdeb.org wheezy all' - state: present - become: yes - become_user: root - when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt') - - # install pre-requisites - - name: install prequisites - apt: pkg={{ item }} state=present - with_items: - # basic installs - - build-essential - - redis-server - - # for mariadb - - software-properties-common - - # for wkhtmltopdf - - libxrender1 - - libxext6 - - xfonts-75dpi - - xfonts-base - - # for Pillow - - zlib1g-dev - - libfreetype6-dev - - liblcms2-dev - - libwebp-dev - - python-tk - - # Ensure apt-transport-https - - apt-transport-https - - # Python LDAP - - libsasl2-dev - - libldap2-dev - - become: yes - become_user: root - - - name: install pillow prerequisites for Debian < 8 - apt: pkg={{ item }} state=present - with_items: - - libjpeg8-dev - - libtiff4-dev - - tcl8.5-dev - - tk8.5-dev - when: ansible_distribution_version | version_compare('8', 'lt') - become: yes - become_user: root - - - name: install pillow prerequisites for Debian >= 8 - apt: pkg={{ item }} state=present - with_items: - - libjpeg62-turbo-dev - - libtiff5-dev 
- - tcl8.5-dev - - tk8.5-dev - when: ansible_distribution_version | version_compare('8', 'ge') - become: yes - become_user: root - - - name: Add apt key for node repo - apt_key: - url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280 - id: "68576280" - state: present - become: yes - become_user: root - - - name: Add repo - apt_repository: - repo: "deb [arch=amd64,i386] https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main" - state: present - update_cache: yes - become: yes - become_user: root - - - name: Install nodejs 6.x - apt: - name: nodejs - state: present - update_cache: yes - force: yes - become: yes - become_user: root - - # install MariaDB - - include: includes/mariadb_debian.yml - - # install WKHTMLtoPDF - - include: includes/wkhtmltopdf.yml - - # setup MariaDB - - include: includes/setup_mariadb.yml - - - debug: - var: run_travis - - # setup frappe-bench - - include: includes/setup_bench.yml - when: not run_travis + # setup frappe-bench + - include: includes/setup_bench.yml + when: not run_travis +<<<<<<< 7a7c61105c87ac4cccea9c39c23691b0a61f9836 # setup development environment - include: includes/setup_dev_env.yml when: not production and not run_travis +======= + # setup development environment + - include: includes/setup_dev_env.yml + when: not production and not run_travis +>>>>>>> create roles to install pre-requisites diff --git a/playbooks/develop/includes/mariadb_centos.yml b/playbooks/develop/includes/mariadb_centos.yml deleted file mode 100644 index 37454f1f..00000000 --- a/playbooks/develop/includes/mariadb_centos.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- - - name: Add repository - template: src=templates/mariadb_centos.repo dest=/etc/yum.repos.d/MariaDB.repo owner=root mode=0644 - become: yes - become_user: root - - - name: Install MariaDB - yum: pkg={{ item }} state=present - with_items: - - MariaDB-server - - MariaDB-client - become: yes - become_user: root 
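Review bot: The `roles:` list in debian.yml names `psutils`, but the diffstat shows this patch creating `playbooks/develop/roles/psutil/tasks/main.yml`, so the role lookup would presumably fail unless a `psutils` role exists elsewhere; centos.yml uses the same name. Rename the entry to `- psutil` or rename the directory to match. Note also that centos.yml sets `mysql_secure_installation: True` while this play leaves it at the role default `false`; confirm the difference is intended.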
diff --git a/playbooks/develop/includes/mariadb_debian.yml b/playbooks/develop/includes/mariadb_debian.yml deleted file mode 100644 index 96e480a2..00000000 --- a/playbooks/develop/includes/mariadb_debian.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- - - - name: Add apt key for mariadb for Debian <= 8 - apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xcbcb082a1bb943db state=present - become: yes - become_user: root - when: ansible_distribution_major_version | version_compare('8', 'le') - - - name: Add apt repository - apt_repository: - repo: 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/debian {{ ansible_distribution_release }} main' - state: present - become: yes - become_user: root - - - name: Unattended package installation - shell: export DEBIAN_FRONTEND=noninteractive - - - name: apt-get install - apt: pkg={{ item }} update_cache=yes state=present - with_items: - - mariadb-server - - mariadb-client - - mariadb-common - - libmariadbclient-dev - become: yes - become_user: root diff --git a/playbooks/develop/includes/mariadb_ubuntu.yml b/playbooks/develop/includes/mariadb_ubuntu.yml deleted file mode 100644 index 9d64c198..00000000 --- a/playbooks/develop/includes/mariadb_ubuntu.yml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- - - name: Add apt key for mariadb for Ubuntu < 16.04 - apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xcbcb082a1bb943db state=present - become: yes - become_user: root - when: ansible_distribution_version | version_compare('16.04', 'lt') - - - name: Add apt key for mariadb for Ubuntu >= 16.04 - apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xF1656F24C74CD1D8 state=present - become: yes - become_user: root - when: ansible_distribution_version | version_compare('16.04', 'ge') - - - name: Add apt repository - apt_repository: - repo: 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu {{ ansible_distribution_release }} main' - state: present - become: yes - become_user: root - - - name: Unattended package installation - shell: export DEBIAN_FRONTEND=noninteractive - - - name: apt-get install - apt: pkg={{ item }} update_cache=yes state=present - with_items: - - mariadb-server - - mariadb-client - - mariadb-common - - libmariadbclient-dev - become: yes - become_user: root diff --git a/playbooks/develop/includes/wkhtmltopdf.yml b/playbooks/develop/includes/wkhtmltopdf.yml deleted file mode 100644 index ea4c0c28..00000000 --- a/playbooks/develop/includes/wkhtmltopdf.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - - name: download wkthmltox linux - get_url: url=https://github.com/frappe/wkhtmltopdf/raw/master/wkhtmltox-0.12.3_linux-generic-{{ "amd64" if ansible_architecture == "x86_64" else "i386"}}.tar.xz dest=/tmp/wkhtmltox.tar.xz - - - name: Creates directory - file: path=/tmp/wkhtmltox state=directory - - - name: unarchive wkhtmltopdf - unarchive: src=/tmp/wkhtmltox.tar.xz dest=/tmp - - - name: copy to /usr/local/bin - copy: src="/tmp/wkhtmltox/bin/wkhtmltopdf" dest="/usr/local/bin/wkhtmltopdf" - become: true - become_user: root - - - name: make wkhtmltopdf executable - file: path=/usr/local/bin/wkhtmltopdf mode="o+x" - become: true - become_user: root 
diff --git a/playbooks/develop/macosx.yml b/playbooks/develop/macosx.yml index 94043dc8..1a1e4850 100644 --- a/playbooks/develop/macosx.yml +++ b/playbooks/develop/macosx.yml @@ -1,35 +1,39 @@ --- - hosts: localhost + become: yes + become_user: root vars: bench_repo_path: "/Users/{{ ansible_user_id }}/.bench" bench_path: "/Users/{{ ansible_user_id }}/frappe-bench" - mysql_config_template: "templates/simple_mariadb_config.cnf" - mysql_conf_dir: /usr/local/etc/my.cnf.d - tasks: + # install pre-requisites + - name: install prequisites + homebrew: name={{ item }} state=present + with_items: + - cmake + - redis + - mariadb + - nodejs - # install pre-requisites - - name: install prequisites - homebrew: name={{ item }} state=present - with_items: - - cmake - - redis - - mariadb - - nodejs + # install wkhtmltopdf + - name: cask installs + homebrew_cask: name={{ item }} state=present + with_items: + - wkhtmltopdf - # install wkhtmltopdf - - name: cask installs - homebrew_cask: name={{ item }} state=present - with_items: - - wkhtmltopdf + - name: configure mariadb + include_role: + name: mariadb + vars: + mysql_conf_tpl: ../files/mariadb_config.cnf - # setup MariaDB - - include: includes/setup_mariadb.yml + - name: Install MySQLdb in global env + pip: name=mysql-python version=1.2.5 - # setup frappe-bench - - include: includes/setup_bench.yml + # setup frappe-bench + - include: includes/setup_bench.yml + + # setup development environment + - include: includes/setup_dev_env.yml + when: not production - # setup development environment - - include: includes/setup_dev_env.yml - when: not production - \ No newline at end of file diff --git a/playbooks/develop/roles/mariadb/README.md b/playbooks/develop/roles/mariadb/README.md new file mode 100644 index 00000000..bc872db5 --- /dev/null +++ b/playbooks/develop/roles/mariadb/README.md 
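Review bot: The new play-level `become: yes` / `become_user: root` in macosx.yml now also applies to the `homebrew` and `homebrew_cask` tasks, and Homebrew refuses to run as root, so these installs would be expected to fail. It also makes the `~/Library/LaunchAgents` paths used by the mariadb role resolve to root's home, not the user's. Scope the escalation to the tasks that need it, for example `become: yes` on the `Install MySQLdb in global env` pip task only, and leave the play unprivileged. The included `setup_bench.yml` and `setup_dev_env.yml` are outside this hunk and would inherit the root context as written.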
@@ -0,0 +1,64 @@
+# Ansible Role: MariaDB
+
+Installs MariaDB
+
+## Supported platforms
+
+```
+CentOS 6 & 7
+Ubuntu 14.04
+```
+
+## Post install
+
+Run `mysql_secure_installation`
+
+## Requirements
+
+None
+
+## Role Variables
+
+MariaDB version:
+
+```
+mariadb_version: 10.0
+```
+
+Configuration template:
+
+```
+mysql_conf_tpl: change_me
+```
+
+Configuration filename:
+
+```
+mysql_conf_file: settings.cnf
+```
+
+### Experimental unattended mysql_secure_installation
+
+```
+ansible-playbook release.yml --extra-vars "mysql_secure_installation=true mysql_root_password=your_very_secret_password"
+```
+
+## Dependencies
+
+None
+
+## Example Playbook
+
+```
+- hosts: servers
+ roles:
+ - { role: pcextreme.mariadb }
+```
+
+## License
+
+MIT / BSD
+
+## Author Information
+
+Created by [Attila van der Velde](https://github.com/vdvm)
diff --git a/playbooks/develop/roles/mariadb/defaults/main.yml b/playbooks/develop/roles/mariadb/defaults/main.yml
new file mode 100644
index 00000000..a5bb87ff
--- /dev/null
+++ b/playbooks/develop/roles/mariadb/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+mariadb_version: 10.0
+
+mysql_conf_tpl: change_me
+mysql_conf_file: settings.cnf
+
+mysql_secure_installation: false
diff --git a/playbooks/develop/roles/mariadb/handlers/main.yml b/playbooks/develop/roles/mariadb/handlers/main.yml
new file mode 100644
index 00000000..3755d8ce
--- /dev/null
+++ b/playbooks/develop/roles/mariadb/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart mysql
+ service: name=mysql state=restarted
diff --git a/playbooks/develop/roles/mariadb/meta/main.yml b/playbooks/develop/roles/mariadb/meta/main.yml
new file mode 100644
index 00000000..b2beef2c
--- /dev/null
+++ b/playbooks/develop/roles/mariadb/meta/main.yml
@@ -0,0 +1,19 @@
+---
+galaxy_info:
+ author: "Attila van der Velde"
+ description: "Installs MariaDB"
+ company: "PCextreme B.V."
+ license: "license (MIT, BSD)"
+ min_ansible_version: 1.8
+ platforms:
+ - name: EL
+ versions:
+ - 6
+ - 7
+ - name: Ubuntu
+ versions:
+ - trusty
+ categories:
+ - database:sql
+
+dependencies: []
diff --git a/playbooks/develop/roles/mariadb/tasks/centos.yml b/playbooks/develop/roles/mariadb/tasks/centos.yml
new file mode 100644
index 00000000..84b49c55
--- /dev/null
+++ b/playbooks/develop/roles/mariadb/tasks/centos.yml
@@ -0,0 +1,12 @@
+---
+- name: Add repo file
+ template: src=mariadb_centos.repo.j2 dest=/etc/yum.repos.d/mariadb.repo owner=root group=root mode=0644
+
+- name: Install MariaDB
+ yum: name={{ item }} enablerepo=mariadb state=present
+ with_items:
+ - MariaDB-server
+ - MariaDB-client
+ - MySQL-python
+ - MariaDB-devel
+
diff --git a/playbooks/develop/roles/mariadb/tasks/debian.yml b/playbooks/develop/roles/mariadb/tasks/debian.yml
new file mode 100644
index 00000000..449f6973
--- /dev/null
+++ b/playbooks/develop/roles/mariadb/tasks/debian.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Add apt key for mariadb for Debian <= 8
+ apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xcbcb082a1bb943db state=present
+ when: ansible_distribution_major_version | version_compare('8', 'le')
+
+- name: Add apt repository
+ apt_repository:
+ repo: 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/debian {{ ansible_distribution_release }} main'
+ state: present
+
+- name: Unattended package installation
+ shell: export DEBIAN_FRONTEND=noninteractive
+
+- name: apt-get install
+ apt: pkg={{ item }} update_cache=yes state=present
+ with_items:
+ - mariadb-server
+ - mariadb-client
+ - mariadb-common
+ - libmariadbclient-dev
diff --git a/playbooks/develop/roles/mariadb/tasks/main.yml b/playbooks/develop/roles/mariadb/tasks/main.yml
new file mode 100644
index 00000000..878e5894
--- /dev/null
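Review bot: In roles/mariadb/tasks/debian.yml the signing key is added only when `ansible_distribution_major_version` is 8 or lower, while the `Add apt repository` task that follows is unconditional, so on a newer Debian release the MariaDB source is registered without its key being installed by this role. The repository line also uses a plain `http://` mirror and hard-codes `10.1` where the Ubuntu template in this patch uses `{{ mariadb_version }}`. `shell: export DEBIAN_FRONTEND=noninteractive` has no effect on the later `apt` task because each task runs in its own process; drop it or set the variable through `environment:` on the apt task.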
+++ b/playbooks/develop/roles/mariadb/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- include: centos.yml
+ when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 6
+
+- include: ubuntu.yml
+ when: ansible_distribution == 'Ubuntu'
+
+- include: debian.yml
+ when: ansible_distribution == 'Debian'
+
+- name: Add configuration
+ template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
+ when: mysql_conf_tpl != 'change_me'
+ notify: restart mysql
+
+- name: Start and enable service
+ service: name=mysql state=started enabled=yes
+
+- include: mysql_secure_installation.yml
+- debug: var=mysql_secure_installation
+ when: mysql_secure_installation and mysql_root_password is defined
diff --git a/playbooks/develop/roles/mariadb/tasks/mysql_secure_installation.yml b/playbooks/develop/roles/mariadb/tasks/mysql_secure_installation.yml
new file mode 100644
index 00000000..87452291
--- /dev/null
+++ b/playbooks/develop/roles/mariadb/tasks/mysql_secure_installation.yml
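Review bot: The `when: mysql_secure_installation and mysql_root_password is defined` condition is attached to the `debug` task, not to `- include: mysql_secure_installation.yml`, so the include runs on every host regardless of the flag. With `mysql_root_password` undefined, the `Set root Password` and `.my.cnf` template tasks would then hit an undefined variable, and with the role default `mysql_secure_installation: false` the root-account changes still execute. Move the condition onto the include, i.e. `- include: mysql_secure_installation.yml` followed by `when: mysql_secure_installation and mysql_root_password is defined`, and gate or drop the debug task separately.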
@@ -0,0 +1,64 @@
+---
+# Set root password
+# UPDATE mysql.user SET Password=PASSWORD('mysecret') WHERE User='root';
+# FLUSH PRIVILEGES;
+
+
+- name: Set root Password
+ mysql_user: name=root host={{ item }} password={{ mysql_root_password }} state=present
+ with_items:
+ - localhost
+ - 127.0.0.1
+ - ::1
+ ignore_errors: yes
+
+- name: Add .my.cnf
+ template: src=my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600
+
+- name: Reload privilege tables
+ command: 'mysql -ne "{{ item }}"'
+ with_items:
+ - FLUSH PRIVILEGES
+ changed_when: False
+
+- name: Remove anonymous users
+ command: 'mysql -ne "{{ item }}"'
+ with_items:
+ - DELETE FROM mysql.user WHERE User=''
+ changed_when: False
+
+- name: Disallow root login remotely
+ command: 'mysql -ne "{{ item }}"'
+ with_items:
+ - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
+ changed_when: False
+
+- name: Remove test database and access to it
+ command: 'mysql -ne "{{ item }}"'
+ with_items:
+ - DROP DATABASE if exists test
+ - DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'
+ changed_when: False
+ ignore_errors: True
+
+- name: Reload privilege tables
+ command: 'mysql -ne "{{ item }}"'
+ with_items:
+ - FLUSH PRIVILEGES
+ changed_when: False
+
+- name: add launchagents folder mac
+ file: path=~/Library/LaunchAgents state=directory
+ when: ansible_distribution == 'MacOSX'
+
+- name: add mysql to mac startup
+ file: src=/usr/local/opt/mariadb/homebrew.mxcl.mariadb.plist path=~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist state=link force=yes
+ when: ansible_distribution == 'MacOSX'
+
+- name: stop mysql mac
+ command: launchctl unload ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
+ when: ansible_distribution == 'MacOSX'
+
+- name: start mysql mac
+ command: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
+ when: ansible_distribution == 'MacOSX'
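Review bot: `ignore_errors: yes` on `Set root Password` lets the play continue even when the password was not applied for any of the three host entries, and the next task still writes that password to `/root/.my.cnf`. The module arguments are also in key=value form with `password={{ mysql_root_password }}` unquoted, so a password containing a space or `=` would presumably be split into separate arguments; a YAML dictionary with `password: "{{ mysql_root_password }}"` avoids that. If the errors are tolerated only because later loop items can no longer log in without the new password, narrowing that case with `failed_when` on a registered result would keep real failures visible. The hardening statements all set `changed_when: False`, so their effect never shows in the run summary.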
diff --git a/playbooks/develop/roles/mariadb/tasks/ubuntu.yml b/playbooks/develop/roles/mariadb/tasks/ubuntu.yml
new file mode 100644
index 00000000..8fb6e2cc
--- /dev/null
+++ b/playbooks/develop/roles/mariadb/tasks/ubuntu.yml
@@ -0,0 +1,31 @@
+---
+- name: Add repo file
+ template: src=mariadb_ubuntu.list.j2 dest=/etc/apt/sources.list.d/mariadb.list owner=root group=root mode=0644
+ register: mariadb_list
+
+- name: Add repo key
+ apt_key: id=1BB943DB url=http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xCBCB082A1BB943DB state=present
+ register: mariadb_key
+ when: ansible_distribution_version | version_compare('16.04', 'lt')
+
+- name: Add apt key for mariadb for Ubuntu >= 16.04
+ apt_key: id=C74CD1D8 url=http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xF1656F24C74CD1D8 state=present
+ register: mariadb_key
+ when: ansible_distribution_version | version_compare('16.04', 'ge')
+
+- name: Update apt cache
+ apt: update_cache=yes
+ when: mariadb_list.changed == True or mariadb_key.changed == True
+
+- name: Unattended package installation
+ shell: export DEBIAN_FRONTEND=noninteractive
+ changed_when: false
+
+- name: Install MariaDB
+ apt: pkg={{ item }} state=present
+ with_items:
+ - mariadb-server
+ - mariadb-client
+ - mariadb-common
+ - libmariadbclient-dev
+ - python-mysqldb
diff --git a/playbooks/develop/roles/mariadb/templates/mariadb_centos.repo.j2 b/playbooks/develop/roles/mariadb/templates/mariadb_centos.repo.j2
new file mode 100644
index 00000000..64738cc1
--- /dev/null
+++ b/playbooks/develop/roles/mariadb/templates/mariadb_centos.repo.j2
@@ -0,0 +1,7 @@
+# MariaDB CentOS {{ ansible_distribution_major_version|int }} repository list
+# http://mariadb.org/mariadb/repositories/
+[mariadb]
+name = MariaDB
+baseurl = http://yum.mariadb.org/{{ mariadb_version }}/centos{{ ansible_distribution_major_version|int }}-amd64
+gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
+gpgcheck=1
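Review bot: Both `apt_key` tasks in roles/mariadb/tasks/ubuntu.yml pin the key by an 8-hex-digit short ID (`id=1BB943DB`, `id=C74CD1D8`) and fetch it over plain `http://`, which is weak verification because short IDs can be collided and the transport is unauthenticated. Use the long IDs already present in the URLs, `id=0xCBCB082A1BB943DB` and `id=0xF1656F24C74CD1D8`, and an `https://keyserver.ubuntu.com/...` URL. Both tasks also `register: mariadb_key`; a skipped task still registers its result, so on releases below 16.04 the second task overwrites the first and `mariadb_key.changed` is false in the `Update apt cache` condition. Distinct register names, or a single task with a conditional id, would fix that.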
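Review bot: In mariadb_centos.repo.j2 the `baseurl` is fetched over `http://` while `gpgkey` on the next line already uses `https://yum.mariadb.org`. `gpgcheck=1` covers the packages, but the repository metadata is unauthenticated unless `repo_gpgcheck=1` is also set. Prefer `baseurl = https://yum.mariadb.org/...` if the mirror serves it. The architecture suffix `-amd64` is hard-coded, so the template presumably breaks on other architectures.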
diff --git a/playbooks/develop/roles/mariadb/templates/mariadb_ubuntu.list.j2 b/playbooks/develop/roles/mariadb/templates/mariadb_ubuntu.list.j2
new file mode 100644
index 00000000..981b4d6b
--- /dev/null
+++ b/playbooks/develop/roles/mariadb/templates/mariadb_ubuntu.list.j2
@@ -0,0 +1,4 @@
+# MariaDB Ubuntu {{ ansible_distribution_release | title }} repository list
+# http://mariadb.org/mariadb/repositories/
+deb http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/ubuntu {{ ansible_distribution_release | lower }} main
+deb-src http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/ubuntu {{ ansible_distribution_release | lower }} main
diff --git a/playbooks/develop/roles/mariadb/templates/my.cnf.j2 b/playbooks/develop/roles/mariadb/templates/my.cnf.j2
new file mode 100644
index 00000000..b63b4e63
--- /dev/null
+++ b/playbooks/develop/roles/mariadb/templates/my.cnf.j2
@@ -0,0 +1,3 @@
+[client]
+user=root
+password={{ mysql_root_password }}
diff --git a/playbooks/develop/roles/mariadb/vars/main.yml b/playbooks/develop/roles/mariadb/vars/main.yml
new file mode 100644
index 00000000..63ba35b0
--- /dev/null
+++ b/playbooks/develop/roles/mariadb/vars/main.yml
@@ -0,0 +1,6 @@
+---
+mysql_conf_dir:
+ "CentOS": /etc/my.cnf.d
+ "Ubuntu": /etc/mysql/conf.d
+ "Debian": /etc/mysql/conf.d
+ "MacOSX": /usr/local/etc/my.cnf.d
diff --git a/playbooks/develop/roles/nginx/.travis.yml b/playbooks/develop/roles/nginx/.travis.yml
new file mode 100644
index 00000000..24648b13
--- /dev/null
+++ b/playbooks/develop/roles/nginx/.travis.yml
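Review bot: In my.cnf.j2 the line `password={{ mysql_root_password }}` writes the secret unquoted, so a password containing `#` or leading/trailing whitespace is read differently by the client than the value set through `mysql_user`, and every later `mysql -ne` task would then fail to authenticate. Quote the value, `password="{{ mysql_root_password }}"`; passwords that themselves contain a double quote or backslash would still need escaping. The file lands in `/root/.my.cnf` with mode 0600 per the task that renders it, which is appropriate for a stored credential.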
@@ -0,0 +1,35 @@
+---
+language: python
+python: "2.7"
+
+env:
+ - SITE=test.yml
+
+before_install:
+ - sudo apt-get update -qq
+ - sudo apt-get install -y curl
+
+install:
+ # Install Ansible.
+ - pip install ansible
+
+ # Add ansible.cfg to pick up roles path.
+ - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
+
+script:
+ # Check the role/playbook's syntax.
+ - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
+
+ # Run the role/playbook with ansible-playbook.
+ - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
+
+ # Run the role/playbook again, checking to make sure it's idempotent.
+ - >
+ ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
+ | grep -q 'changed=0.*failed=0'
+ && (echo 'Idempotence test: pass' && exit 0)
+ || (echo 'Idempotence test: fail' && exit 1)
+
+ # TODO - get the test working. Probably need to add a virtual host.
+ # Request a page via Nginx, to make sure Nginx is running and responds.
+ # - "curl http://localhost/"
diff --git a/playbooks/develop/roles/nginx/README.md b/playbooks/develop/roles/nginx/README.md
new file mode 100644
index 00000000..00bfb8a2
--- /dev/null
+++ b/playbooks/develop/roles/nginx/README.md
@@ -0,0 +1,82 @@ +# Ansible Role: Nginx + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx) + +Installs Nginx on RedHat/CentOS or Debian/Ubuntu linux servers. + +This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + nginx_vhosts: [] + +A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`. + + nginx_remove_default_vhost: false + +Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file. + + nginx_upstreams: [] + +If you are configuring Nginx as a load balancer, you can define one or more upstream sets using this variable. In addition to defining at least one upstream, you would need to configure one of your server blocks to proxy requests through the defined upstream (e.g. `proxy_pass http://myapp1;`). See the commented example in `defaults/main.yml` for more information. + + nginx_user: "nginx" + +The user under which Nginx will run. Defaults to `nginx` for RedHat, and `www-data` for Debian. 
+ + nginx_worker_processes: "1" + nginx_worker_connections: "1024" + +`nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). + + nginx_error_log: "/var/log/nginx/error.log warn" + nginx_access_log: "/var/log/nginx/access.log main buffer=16k" + +Configuration of the default error and access logs. Set to `off` to disable a log entirely. + + nginx_sendfile: "on" + nginx_tcp_nopush: "on" + nginx_tcp_nodelay: "on" + +TCP connection options. See [this blog post](https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html) for more information on these directives. + + nginx_keepalive_timeout: "65" + nginx_keepalive_requests: "100" + +Nginx keepalive settings. Timeout should be set higher (10s+) if you have more polling-style traffic (AJAX-powered sites especially), or lower (<10s) if you have a site where most users visit a few pages and don't send any further requests. + + nginx_client_max_body_size: "64m" + +This value determines the largest file upload possible, as uploads are passed through Nginx before hitting a backend like `php-fpm`. If you get an error like `client intended to send too large body`, it means this value is set too low. + + nginx_proxy_cache_path: "" + +Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations). 
+ + nginx_default_release: "" + +(For Debian/Ubuntu only) Allows you to set a different repository for the installation of Nginx. As an example, if you are running Debian's wheezy release, and want to get a newer version of Nginx, you can install the `wheezy-backports` repository and set that value here, and Ansible will use that as the `-t` option while installing Nginx. + +## Dependencies + +None. + +## Example Playbook + + - hosts: server + roles: + - { role: geerlingguy.nginx } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/playbooks/develop/roles/nginx/defaults/main.yml b/playbooks/develop/roles/nginx/defaults/main.yml new file mode 100644 index 00000000..07eee907 --- /dev/null +++ b/playbooks/develop/roles/nginx/defaults/main.yml 
@@ -0,0 +1,48 @@
+---
+# Used only for Debian/Ubuntu installation, as the -t option for apt.
+nginx_default_release: ""
+
+nginx_worker_processes: "1"
+nginx_worker_connections: "1024"
+
+nginx_error_log: "/var/log/nginx/error.log warn"
+nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
+
+nginx_sendfile: "on"
+nginx_tcp_nopush: "on"
+nginx_tcp_nodelay: "on"
+
+nginx_keepalive_timeout: "65"
+nginx_keepalive_requests: "100"
+
+nginx_client_max_body_size: "64m"
+
+nginx_proxy_cache_path: ""
+
+nginx_remove_default_vhost: false
+nginx_vhosts: []
+# Example vhost below, showing all available options:
+# - {
+# listen: "80 default_server", # default: "80 default_server"
+# server_name: "example.com", # default: N/A
+# root: "/var/www/example.com", # default: N/A
+# index: "index.html index.htm", # default: "index.html index.htm"
+#
+# # Properties that are only added if defined:
+# error_page: "",
+# access_log: "",
+# extra_config: "" # Can be used to add extra config blocks (multiline).
+# }
+
+nginx_upstreams: []
+# - {
+# name: myapp1,
+# strategy: "ip_hash", # "least_conn", etc.
+# servers: {
+# "srv1.example.com",
+# "srv2.example.com weight=3",
+# "srv3.example.com"
+# }
+# }
+nginx_conf_file: nginx.conf.j2
+setup_www_redirect: false
\ No newline at end of file
diff --git a/playbooks/develop/roles/nginx/handlers/main.yml b/playbooks/develop/roles/nginx/handlers/main.yml
new file mode 100644
index 00000000..92971d2c
--- /dev/null
+++ b/playbooks/develop/roles/nginx/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart nginx
+ service: name=nginx state=restarted
diff --git a/playbooks/develop/roles/nginx/meta/main.yml b/playbooks/develop/roles/nginx/meta/main.yml
new file mode 100644
index 00000000..efbe68f7
--- /dev/null
+++ b/playbooks/develop/roles/nginx/meta/main.yml
@@ -0,0 +1,23 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Nginx installation for Linux/UNIX. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.4 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + categories: + - development + - web diff --git a/playbooks/develop/roles/nginx/tasks/main.yml b/playbooks/develop/roles/nginx/tasks/main.yml new file mode 100644 index 00000000..790e8f24 --- /dev/null +++ b/playbooks/develop/roles/nginx/tasks/main.yml @@ -0,0 +1,41 @@ +--- +# Variable setup. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define nginx_user. + set_fact: + nginx_user: "{{ __nginx_user }}" + when: nginx_user is not defined + +# Setup/install tasks. +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +# Nginx setup. +- name: Copy nginx configuration in place. + template: + src: "{{ nginx_conf_file }}" + dest: /etc/nginx/nginx.conf + owner: root + group: root + mode: 0644 + notify: restart nginx + +- name: Setup www redirect + template: + src: ../files/www_redirect.conf + dest: /etc/nginx/conf.d/ + owner: root + group: root + mode: 0644 + notify: restart nginx + when: setup_www_redirect + +- name: Ensure nginx is started and enabled to start at boot. + service: name=nginx state=started enabled=yes + +- include: vhosts.yml diff --git a/playbooks/develop/roles/nginx/tasks/setup-Debian.yml b/playbooks/develop/roles/nginx/tasks/setup-Debian.yml new file mode 100644 index 00000000..ced11b65 --- /dev/null +++ b/playbooks/develop/roles/nginx/tasks/setup-Debian.yml @@ -0,0 +1,6 @@ +--- +- name: Ensure nginx is installed. + apt: + pkg: nginx + state: installed + default_release: "{{ nginx_default_release }}" 
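Review bot: In `tasks/main.yml`, the `Copy nginx configuration in place.` task renders `nginx.conf` and notifies `restart nginx` without checking the result, so a bad value in any `nginx_*` variable is discovered only when the restart fails and the server is already down. Adding `validate: nginx -t -c %s` to that `template` task makes Ansible reject the rendered file before it replaces `/etc/nginx/nginx.conf`. The `Setup www redirect` task passes `../files/www_redirect.conf` to `template`; that file does not appear in the hunks shown here, so confirm it is committed with the role.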
diff --git a/playbooks/develop/roles/nginx/tasks/setup-RedHat.yml b/playbooks/develop/roles/nginx/tasks/setup-RedHat.yml new file mode 100644 index 00000000..73f205e5 --- /dev/null +++ b/playbooks/develop/roles/nginx/tasks/setup-RedHat.yml @@ -0,0 +1,11 @@ +--- +- name: Enable nginx repo. + template: + src: nginx.repo.j2 + dest: /etc/yum.repos.d/nginx.repo + owner: root + group: root + mode: 0644 + +- name: Ensure nginx is installed. + yum: pkg=nginx state=installed enablerepo=nginx diff --git a/playbooks/develop/roles/nginx/tasks/vhosts.yml b/playbooks/develop/roles/nginx/tasks/vhosts.yml new file mode 100644 index 00000000..5ee8ec22 --- /dev/null +++ b/playbooks/develop/roles/nginx/tasks/vhosts.yml @@ -0,0 +1,22 @@ +--- +- name: Remove default nginx vhost config file (if configured). + file: + path: "{{ nginx_default_vhost_path }}" + state: absent + when: nginx_remove_default_vhost + notify: restart nginx + +- name: Add managed vhost config file (if any vhosts are configured). + template: + src: vhosts.j2 + dest: "{{ nginx_vhost_path }}/vhosts.conf" + mode: 0644 + when: nginx_vhosts + notify: restart nginx + +- name: Remove managed vhost config file (if no vhosts are configured). + file: + path: "{{ nginx_vhost_path }}/vhosts.conf" + state: absent + when: not nginx_vhosts + notify: restart nginx diff --git a/playbooks/develop/roles/nginx/templates/nginx.conf.j2 b/playbooks/develop/roles/nginx/templates/nginx.conf.j2 new file mode 100644 index 00000000..a43202ce --- /dev/null +++ b/playbooks/develop/roles/nginx/templates/nginx.conf.j2 
@@ -0,0 +1,51 @@ +user {{ nginx_user }}; + +error_log {{ nginx_error_log }}; +pid /var/run/nginx.pid; + +worker_processes {{ nginx_worker_processes }}; + +events { + worker_connections {{ nginx_worker_connections }}; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + server_names_hash_bucket_size 64; + + client_max_body_size {{ nginx_client_max_body_size }}; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log {{ nginx_access_log }}; + + sendfile {{ nginx_sendfile }}; + tcp_nopush {{ nginx_tcp_nopush }}; + tcp_nodelay {{ nginx_tcp_nodelay }}; + + keepalive_timeout {{ nginx_keepalive_timeout }}; + keepalive_requests {{ nginx_keepalive_requests }}; + + #gzip on; + +{% if nginx_proxy_cache_path %} + proxy_cache_path {{ nginx_proxy_cache_path }}; +{% endif %} + +{% for upstream in nginx_upstreams %} + upstream {{ upstream.name }} { +{% if upstream.strategy is defined %} + {{ upstream.strategy }}; +{% endif %} +{% for server in upstream.servers %} + server {{ server }}; +{% endfor %} + } +{% endfor %} + + include {{ nginx_vhost_path }}/*; +} diff --git a/playbooks/develop/roles/nginx/templates/nginx.repo.j2 b/playbooks/develop/roles/nginx/templates/nginx.repo.j2 new file mode 100644 index 00000000..9a853b70 --- /dev/null +++ b/playbooks/develop/roles/nginx/templates/nginx.repo.j2 @@ -0,0 +1,5 @@ +[nginx] +name=nginx repo +baseurl=http://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/ +gpgcheck=0 +enabled=1 diff --git a/playbooks/develop/roles/nginx/templates/vhosts.j2 b/playbooks/develop/roles/nginx/templates/vhosts.j2 new file mode 100644 index 00000000..09bda352 --- /dev/null +++ b/playbooks/develop/roles/nginx/templates/vhosts.j2 
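Review bot: `nginx.repo.j2` points yum at `baseurl=http://nginx.org/...` with `gpgcheck=0`, so the package that `setup-RedHat.yml` installs as root is fetched over plaintext and never signature-checked; a tampered mirror response or an on-path modification would be installed without complaint. Use `baseurl=https://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/`, `gpgcheck=1` and `gpgkey=https://nginx.org/keys/nginx_signing.key` so the RPM is verified against the vendor key before installation.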
@@ -0,0 +1,24 @@ +{% for vhost in nginx_vhosts %} +server { + listen {{ vhost.listen | default('80 default_server') }}; + server_name {{ vhost.server_name }}; + + root {{ vhost.root }}; + index {{ vhost.index | default('index.html index.htm') }}; + + {% if vhost.error_page is defined %} + error_page {{ vhost.error_page }}; + {% endif %} + {% if vhost.access_log is defined %} + access_log {{ vhost.access_log }}; + {% endif %} + + {% if vhost.return is defined %} + return {{ vhost.return }}; + {% endif %} + + {% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }}; + {% endif %} +} +{% endfor %} diff --git a/playbooks/develop/roles/nginx/tests/inventory b/playbooks/develop/roles/nginx/tests/inventory new file mode 100644 index 00000000..2fbb50c4 --- /dev/null +++ b/playbooks/develop/roles/nginx/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/playbooks/develop/roles/nginx/tests/test.yml b/playbooks/develop/roles/nginx/tests/test.yml new file mode 100644 index 00000000..42bba2c0 --- /dev/null +++ b/playbooks/develop/roles/nginx/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - ansible-role-nginx diff --git a/playbooks/develop/roles/nginx/vars/Debian.yml b/playbooks/develop/roles/nginx/vars/Debian.yml new file mode 100644 index 00000000..b78b7c55 --- /dev/null +++ b/playbooks/develop/roles/nginx/vars/Debian.yml @@ -0,0 +1,4 @@ +--- +nginx_vhost_path: /etc/nginx/sites-enabled +nginx_default_vhost_path: /etc/nginx/sites-enabled/default +__nginx_user: "www-data" diff --git a/playbooks/develop/roles/nginx/vars/RedHat.yml b/playbooks/develop/roles/nginx/vars/RedHat.yml new file mode 100644 index 00000000..24123048 --- /dev/null +++ b/playbooks/develop/roles/nginx/vars/RedHat.yml @@ -0,0 +1,4 @@ +--- +nginx_vhost_path: /etc/nginx/conf.d +nginx_default_vhost_path: /etc/nginx/conf.d/default.conf +__nginx_user: "nginx" 
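Review bot: In `vhosts.j2`, the `extra_parameters` branch emits `{{ vhost.extra_parameters }};`, which appends a semicolon to whatever the caller supplied; a value that ends in a `}` block or is already terminated would render a stray `;`, which nginx is likely to reject at the next restart. Emit the value as given, `{{ vhost.extra_parameters }}`, and document that callers terminate their own directives. `server_name` and `root` are rendered with no `default(...)` and no `is defined` guard, so a vhost entry that omits either one fails the whole template; guard them the way `error_page` and `access_log` are guarded, or state that they are required.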
diff --git a/playbooks/develop/roles/nodejs/tasks/main.yml b/playbooks/develop/roles/nodejs/tasks/main.yml new file mode 100644 index 00000000..f929c535 --- /dev/null +++ b/playbooks/develop/roles/nodejs/tasks/main.yml @@ -0,0 +1,38 @@ +--- +- name: Import Node source RPM key + rpm_key: + key: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL + state: present + when: ansible_os_family == 'RedHat' + +- name: Add Node Repo for RedHat + yum: + name: 'https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/nodesource-release-el{{ ansible_distribution_major_version }}-1.noarch.rpm' + state: present + update_cache: yes + when: ansible_os_family == 'RedHat' + +- name: Install node v6 + yum: name=nodejs state=present + +- name: Add apt key for node repo + apt_key: + url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280 + id: "68576280" + state: present + when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu' + +- name: Add repo + apt_repository: + repo: "deb [arch=amd64,i386] https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main" + state: present + register: node_repo + when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu' + +- name: Install nodejs 6.x + apt: + name: nodejs + state: present + update_cache: yes + force: yes + when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu' diff --git a/playbooks/develop/roles/prerequisites/tasks/main.yml b/playbooks/develop/roles/prerequisites/tasks/main.yml new file mode 100644 index 00000000..80d208cc --- /dev/null +++ b/playbooks/develop/roles/prerequisites/tasks/main.yml 
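Review bot: `Install nodejs 6.x` in `nodejs/tasks/main.yml` passes `force: yes` to `apt`, which corresponds to apt-get's `--force-yes` and lets the install proceed when a package cannot be authenticated, so the NodeSource key imported two tasks earlier no longer protects this install. Drop `force: yes` here; the same flag is on the apt tasks in `prerequisites/tasks/main.yml`, `wkhtmltopdf/tasks/main.yml` and `setup_essentials.yml` in this patch, and in `prerequisites/tasks/ubuntu.yml` later in the series. The `apt_key` task also identifies the key by the 8-hex short id `68576280`, a format for which colliding keys are practical to generate; use at least the long id already present in the URL, `id: "1655A0AB68576280"`, or preferably the full fingerprint.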
@@ -0,0 +1,91 @@ +--- +# Prerequisite for centos +- name: Install yum packages + yum: name={{ item }} state=present + with_items: + - bzip2-devel + - cronie + - dnsmasq + - freetype-devel + - git + - htop + - lcms2-devel + - libjpeg-devel + - libtiff-devel + - libffi-devel + - libwebp-devel + - libXext + - libXrender + - libzip-devel + - libffi-devel + - ntp + - openssl-devel + - postfix + - python-devel + - python-setuptools + - python-pip + - redis + - screen + - sudo + - supervisor + - tcl-devel + - tk-devel + - vim + - which + - xorg-x11-fonts-75dpi + - xorg-x11-fonts-Type1 + - zlib-devel + - openssl-devel + - openldap-devel + when: ansible_os_family == 'RedHat' + +# Prerequisite for Debian and Ubuntu +- name: Install apt packages + apt: pkg={{ item }} state=present force=yes + with_items: + - build-essential + - software-properties-common + - dnsmasq + - fontconfig + - git + - htop + - libcrypto++-dev + - libfreetype6-dev + - libjpeg8-dev + - liblcms2-dev + - libssl-dev + - libtiff5-dev + - libwebp-dev + - libxext6 + - libxrender1 + - libxslt1-dev + - libxslt1.1 + - libffi-dev + - ntp + - postfix + - python-dev + - python-pip + - python-tk + - redis-server + - screen + - supervisor + - tcl8.6-dev + - tk8.6-dev + - vim + - xfonts-75dpi + - xfonts-base + - zlib1g-dev + - apt-transport-https + - libsasl2-dev + - libldap2-dev + when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu' + +# Prerequisite for MACOS +- name: install prequisites + homebrew: name={{ item }} state=present + with_items: + - cmake + - redis + - mariadb + - nodejs + when: ansible_distribution == 'MacOSX' \ No newline at end of file diff --git a/playbooks/develop/roles/psutil/tasks/main.yml b/playbooks/develop/roles/psutil/tasks/main.yml new file mode 100644 index 00000000..9a38e344 --- /dev/null +++ b/playbooks/develop/roles/psutil/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- name: Install psutil + pip: name=psutil state=latest \ No newline at end of file 
diff --git a/playbooks/develop/roles/wkhtmltopdf/tasks/main.yml b/playbooks/develop/roles/wkhtmltopdf/tasks/main.yml new file mode 100644 index 00000000..9e048a83 --- /dev/null +++ b/playbooks/develop/roles/wkhtmltopdf/tasks/main.yml @@ -0,0 +1,37 @@ +--- +- name: install base fonts + yum: name={{ item }} state=present + with_items: + - libXrender + - libXext + - xorg-x11-fonts-75dpi + - xorg-x11-fonts-Type1 + when: ansible_os_family == 'RedHat' + +- name: install base fonts + apt: name={{ item }} state=present force=yes + with_items: + - libxrender1 + - libxext6 + - xfonts-75dpi + - xfonts-base + when: ansible_os_family == 'Debian' + +- name: download wkthmltox linux + get_url: url=https://github.com/frappe/wkhtmltopdf/raw/master/wkhtmltox-0.12.3_linux-generic-{{ "amd64" if ansible_architecture == "x86_64" else "i386"}}.tar.xz dest=/tmp/wkhtmltox.tar.xz + +- name: Creates directory + file: path=/tmp/wkhtmltox state=directory + +- name: unarchive wkhtmltopdf + unarchive: src=/tmp/wkhtmltox.tar.xz dest=/tmp + +- name: copy to /usr/local/bin + copy: src="/tmp/wkhtmltox/bin/wkhtmltopdf" dest="/usr/local/bin/wkhtmltopdf" + become: true + become_user: root + +- name: make wkhtmltopdf executable + file: path=/usr/local/bin/wkhtmltopdf mode="o+x" + become: true + become_user: root diff --git a/playbooks/develop/setup_essentials.yml b/playbooks/develop/setup_essentials.yml new file mode 100644 index 00000000..2bbaf47b --- /dev/null +++ b/playbooks/develop/setup_essentials.yml 
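Review bot: `download wkthmltox linux` fetches a binary tarball from the `master` branch of a GitHub repository with no checksum, and the play then copies the extracted `wkhtmltopdf` into `/usr/local/bin` as root, so whatever that URL serves at run time becomes a root-installed executable. Pin the artifact with `checksum=sha256:<SHA256_OF_TARBALL>` on `get_url`, and prefer a tag or commit URL over `master`. The fixed names `/tmp/wkhtmltox.tar.xz` and `/tmp/wkhtmltox` sit in a world-writable directory where another local user could create them first; downloading and unpacking in a directory only root can write avoids that. On the last task, `mode="o+x"` only adds execute for others; `mode=0755` states the intended permissions outright.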
@@ -0,0 +1,48 @@ +--- + - name: Setup Essentials + hosts: localhost + become: yes + become_user: root + + tasks: + - name: Install the 'Development tools' package group (Redhat) + yum: name="@Development tools" state=present + when: ansible_os_family == 'RedHat' + + - name: Install EPEL + yum: name='epel-release' state=present + when: ansible_os_family == 'RedHat' + + - name: Install libselinux-python + yum: name={{ item }} state=present + with_items: + - python-devel + - python-setuptools + - python-pip + - libselinux-python + when: ansible_os_family == 'RedHat' + + - name: Add dotdeb apt repository key for Debian < 8 + apt_key: + url: http://www.dotdeb.org/dotdeb.gpg + state: present + become: yes + become_user: root + when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt') + + - name: Add dotdeb apt repository for redis-server for Debian < 8 + apt_repository: + repo: 'deb http://packages.dotdeb.org wheezy all' + state: present + become: yes + become_user: root + when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt') + + - name: Install libselinux-python + apt: pkg={{ item }} state=present force=yes + with_items: + - build-essential + - python-dev + - python-pip + - libselinux-python + when: ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu' diff --git a/playbooks/develop/ubuntu.yml b/playbooks/develop/ubuntu.yml index 983d481e..201649a4 100644 --- a/playbooks/develop/ubuntu.yml +++ b/playbooks/develop/ubuntu.yml 
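Review bot: `Add dotdeb apt repository key for Debian < 8` in `setup_essentials.yml` downloads the signing key from `http://www.dotdeb.org/dotdeb.gpg` and gives no key `id`, so the trust anchor for the dotdeb repository arrives over plaintext and whichever key is served gets trusted. If the host offers HTTPS, use `url: https://www.dotdeb.org/dotdeb.gpg`, and add `id: <DOTDEB_KEY_FINGERPRINT>` so the task can check that the imported key is the expected one; the `deb http://packages.dotdeb.org wheezy all` line then relies on that key for integrity. Separately, the last task's `ansible_os_family == 'Ubuntu'` clause cannot match, because Ubuntu reports `Debian` as its OS family; `when: ansible_os_family == 'Debian'` alone covers both.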
@@ -1,110 +1,28 @@ --- +- include: setup_essentials.yml + - hosts: localhost + become: yes + become_user: root vars: bench_repo_path: "/home/{{ ansible_user_id }}/.bench" bench_path: "/home/{{ ansible_user_id }}/frappe-bench" - mysql_config_template: "templates/simple_mariadb_config.cnf" + mysql_conf_tpl: ../files/mariadb_config.cnf mysql_conf_dir: /etc/mysql/conf.d/ - + roles: + - prerequisites + - mariadb + - wkhtmltopdf + - nodejs + - psutils tasks: + - debug: + var: run_travis - # install pre-requisites - - name: install prequisites - apt: pkg={{ item }} state=present - with_items: - # basic installs - - build-essential - - redis-server + # setup frappe-bench + - include: includes/setup_bench.yml + when: not without_bench_setup and not run_travis - # for mariadb - - software-properties-common - - # for wkhtmltopdf - - libxrender1 - - libxext6 - - xfonts-75dpi - - xfonts-base - - # for Pillow - - libjpeg8-dev - - zlib1g-dev - - libfreetype6-dev - - liblcms2-dev - - libwebp-dev - - python-tk - - # Ensure apt-transport-https - - apt-transport-https - - # Python LDAP - - libsasl2-dev - - libldap2-dev - - become: yes - become_user: root - - - name: install pillow prerequisites for Ubuntu < 14.04 - apt: pkg={{ item }} state=present - with_items: - - libtiff4-dev - - tcl8.5-dev - - tk8.5-dev - when: ansible_distribution_version | version_compare('14.04', 'lt') - become: yes - become_user: root - - - name: install pillow prerequisites for Ubuntu >= 14.04 - apt: pkg={{ item }} state=present - with_items: - - libtiff5-dev - - tcl8.6-dev - - tk8.6-dev - when: ansible_distribution_version | version_compare('14.04', 'ge') - become: yes - become_user: root - - - name: Add apt key for node repo - apt_key: - url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280 - id: "68576280" - state: present - become: yes - become_user: root - - - name: Add repo - apt_repository: - repo: "deb [arch=amd64,i386] https://deb.nodesource.com/node_6.x {{ 
ansible_distribution_release }} main" - state: present - register: node_repo - become: yes - become_user: root - - - name: Install nodejs 6.x - apt: - name: nodejs - state: present - update_cache: yes - force: yes - become: yes - become_user: root - - # install MariaDB - - include: includes/mariadb_ubuntu.yml - - # install WKHTMLtoPDF - - include: includes/wkhtmltopdf.yml - - # setup MariaDB - - include: includes/setup_mariadb.yml - - - debug: - var: run_travis - - # setup frappe-bench - - include: includes/setup_bench.yml - when: not without_bench_setup and not run_travis - - # setup development environment - - include: includes/setup_dev_env.yml - when: not production and not run_travis and not without_bench_setup - \ No newline at end of file + # setup development environment + - include: includes/setup_dev_env.yml + when: not production and not run_travis and not without_bench_setup diff --git a/vm/ansible/templates/mariadb_config.cnf b/vm/ansible/templates/mariadb_config.cnf index 26ed5482..c709e560 100644 --- a/vm/ansible/templates/mariadb_config.cnf +++ b/vm/ansible/templates/mariadb_config.cnf @@ -46,6 +46,7 @@ innodb-large-prefix = 1 collation-server = utf8mb4_unicode_ci character-set-server = utf8mb4 character-set-client-handshake = FALSE +max_allowed_packet = 64M # LOGGING # log-error = /var/lib/mysql/mysql-error.log From 8139bccb0e7779e835e0419af86cefa2dd731866 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Mon, 28 Aug 2017 15:46:20 +0530 Subject: [PATCH 02/20] add name to task and fix typo for role --- playbooks/develop/centos.yml | 86 ++---------------------------------- playbooks/develop/debian.yml | 23 ++++------ playbooks/develop/ubuntu.yml | 23 +++++----- 3 files changed, 25 insertions(+), 107 deletions(-) diff --git a/playbooks/develop/centos.yml b/playbooks/develop/centos.yml index 840eaa6d..cd236f93 100755 --- a/playbooks/develop/centos.yml +++ b/playbooks/develop/centos.yml 
@@ -1,7 +1,8 @@ --- - include: setup_essentials.yml -- hosts: localhost +- name: "Setup prerequisites, mariadb, wkhtmltopdf, nodejs and psutil" + hosts: localhost become: yes become_user: root vars: @@ -14,82 +15,9 @@ - mariadb - wkhtmltopdf - nodejs - - psutils + - psutil + tasks: - # setup frappe-bench - - include: includes/setup_bench.yml - when: not run_travis and not without_bench_setup - -<<<<<<< 7a7c61105c87ac4cccea9c39c23691b0a61f9836 - - name: development tools package - yum: name="@Development tools" state=present - become: yes - become_user: root - - - name: install prerequisites - yum: pkg={{ item }} state=present - with_items: - # basic installs - - redis - - # for mariadb - - libselinux-python - - mysql-devel - - mysql-libs - - # for wkhtmltopdf - - libXrender - - libXext - - xorg-x11-fonts-75dpi - - xorg-x11-fonts-Type1 - - # for Pillow - - libjpeg-devel - - zlib-devel - - libzip-devel - - freetype-devel - - lcms2-devel - - libwebp-devel - - libtiff-devel - - tcl-devel - - tk-devel - - # Python LDAP - - openldap-devel - - become: yes - become_user: root - - - name: Import Node source RPM key - rpm_key: - key: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL - state: present - become: yes - become_user: root - - - name: Add Node Repo - yum: - name: 'https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/nodesource-release-el{{ ansible_distribution_major_version }}-1.noarch.rpm' - state: present - become: yes - become_user: root - - - name: Install nodejs - yum: - name: nodejs - state: present - become: yes - become_user: root - - # install MariaDB - - include: includes/mariadb_centos.yml - - # install WKHTMLtoPDF - - include: includes/wkhtmltopdf.yml - - # setup MariaDB - - include: includes/setup_mariadb.yml - # setup frappe-bench - include: includes/setup_bench.yml when: not run_travis and not without_bench_setup 
@@ -97,9 +25,3 @@ # setup development environment - include: includes/setup_dev_env.yml when: not run_travis and not production - -======= - # setup development environment - - include: includes/setup_dev_env.yml - when: not run_travis and not production ->>>>>>> create roles to install pre-requisites diff --git a/playbooks/develop/debian.yml b/playbooks/develop/debian.yml index 15f9a6bf..65cce5af 100755 --- a/playbooks/develop/debian.yml +++ b/playbooks/develop/debian.yml @@ -1,35 +1,30 @@ --- - include: setup_essentials.yml -- hosts: localhost +- name: "Setup prerequisites, mariadb, wkhtmltopdf, nodejs and psutil" + hosts: localhost become: yes become_user: root vars: bench_repo_path: "/home/{{ ansible_user_id }}/.bench" bench_path: "/home/{{ ansible_user_id }}/frappe-bench" mysql_conf_tpl: ../files/mariadb_config.cnf - mysql_conf_dir: /etc/mysql/conf.d/ + mysql_secure_installation: True roles: - prerequisites - mariadb - wkhtmltopdf - nodejs - - psutils + - psutil tasks: - - debug: - var: run_travis + - debug: + var: run_travis - # setup frappe-bench - - include: includes/setup_bench.yml - when: not run_travis + # setup frappe-bench + - include: includes/setup_bench.yml + when: not run_travis -<<<<<<< 7a7c61105c87ac4cccea9c39c23691b0a61f9836 # setup development environment - include: includes/setup_dev_env.yml when: not production and not run_travis -======= - # setup development environment - - include: includes/setup_dev_env.yml - when: not production and not run_travis ->>>>>>> create roles to install pre-requisites diff --git a/playbooks/develop/ubuntu.yml b/playbooks/develop/ubuntu.yml index 201649a4..361d375f 100644 --- a/playbooks/develop/ubuntu.yml +++ b/playbooks/develop/ubuntu.yml 
@@ -1,28 +1,29 @@ --- - include: setup_essentials.yml -- hosts: localhost +- name: "Setup prerequisites, mariadb, wkhtmltopdf, nodejs and psutil" + hosts: localhost become: yes become_user: root vars: bench_repo_path: "/home/{{ ansible_user_id }}/.bench" bench_path: "/home/{{ ansible_user_id }}/frappe-bench" mysql_conf_tpl: ../files/mariadb_config.cnf - mysql_conf_dir: /etc/mysql/conf.d/ + mysql_secure_installation: True roles: - prerequisites - mariadb - wkhtmltopdf - nodejs - - psutils + - psutil tasks: - - debug: - var: run_travis + - debug: + var: run_travis - # setup frappe-bench - - include: includes/setup_bench.yml - when: not without_bench_setup and not run_travis + # setup frappe-bench + - include: includes/setup_bench.yml + when: not without_bench_setup and not run_travis - # setup development environment - - include: includes/setup_dev_env.yml - when: not production and not run_travis and not without_bench_setup + # setup development environment + - include: includes/setup_dev_env.yml + when: not production and not run_travis and not without_bench_setup From 00a492f538bfebfd72697027c5dca2891e266951 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Mon, 28 Aug 2017 15:58:10 +0530 Subject: [PATCH 03/20] add mariadb config file --- playbooks/develop/files/mariadb_config.cnf | 61 ++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 playbooks/develop/files/mariadb_config.cnf diff --git a/playbooks/develop/files/mariadb_config.cnf b/playbooks/develop/files/mariadb_config.cnf new file mode 100644 index 00000000..b6512a22 --- /dev/null +++ b/playbooks/develop/files/mariadb_config.cnf 
@@ -0,0 +1,61 @@ +[mysqld] + +# GENERAL # +user = mysql +default-storage-engine = InnoDB +socket = /var/lib/mysql/mysql.sock +pid-file = /var/lib/mysql/mysql.pid + +# MyISAM # +key-buffer-size = 32M +myisam-recover = FORCE,BACKUP + +# SAFETY # +max-allowed-packet = 64M +max-connect-errors = 1000000 +innodb = FORCE + +# DATA STORAGE # +datadir = /var/lib/mysql/ + +# BINARY LOGGING # +log-bin = /var/lib/mysql/mysql-bin +expire-logs-days = 14 +sync-binlog = 1 + +# REPLICATION # +server-id = 1 + +# CACHES AND LIMITS # +tmp-table-size = 32M +max-heap-table-size = 32M +query-cache-type = 0 +query-cache-size = 0 +max-connections = 500 +thread-cache-size = 50 +open-files-limit = 65535 +table-definition-cache = 4096 +table-open-cache = 10240 + +# INNODB # +innodb-flush-method = O_DIRECT +innodb-log-files-in-group = 2 +innodb-log-file-size = 512M +innodb-flush-log-at-trx-commit = 1 +innodb-file-per-table = 1 +innodb-buffer-pool-size = {{ (ansible_memtotal_mb*0.685)|round|int }}M +innodb-file-format = barracuda +innodb-large-prefix = 1 +collation-server = utf8mb4_unicode_ci +character-set-server = utf8mb4 +character-set-client-handshake = FALSE +max_allowed_packet = 64M + +# LOGGING # +log-error = /var/lib/mysql/mysql-error.log +log-queries-not-using-indexes = 0 +slow-query-log = 1 +slow-query-log-file = /var/lib/mysql/mysql-slow.log + +[mysql] +default-character-set = utf8mb4 From ead5dbf9a6e6ccaa3996c0871edc78d3a0de207b Mon Sep 17 00:00:00 2001 
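Review bot: The new `[mysqld]` section in `files/mariadb_config.cnf` sets neither `bind-address` nor `skip-networking`, so whether this development database listens beyond loopback is left to whatever other config files the distribution ships; adding `bind-address = 127.0.0.1` makes the intent explicit. `max-allowed-packet = 64M` under SAFETY and `max_allowed_packet = 64M` under INNODB set the same variable twice, and one of them should go. The file holds a Jinja expression for `innodb-buffer-pool-size` but lives under `files/`, so it is only valid while it is rendered through `template` (as the `mysql_conf_tpl` variable suggests); a first-line comment such as `# Rendered as a Jinja2 template by the mariadb role; do not copy verbatim.` would prevent it being copied raw.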
From: Saurabh Date: Mon, 28 Aug 2017 16:34:46 +0530 Subject: [PATCH 04/20] define vars for setting up bench and dev env --- playbooks/develop/centos.yml | 7 +++++-- playbooks/develop/debian.yml | 8 ++++++-- playbooks/develop/roles/mariadb/tasks/debian.yml | 1 + .../mariadb/tasks/mysql_secure_installation.yml | 9 +++++++-- playbooks/develop/roles/nodejs/tasks/main.yml | 1 + .../develop/roles/prerequisites/tasks/debian.yml | 16 ++++++++++++++++ .../develop/roles/prerequisites/tasks/main.yml | 13 ++++++++----- .../develop/roles/prerequisites/tasks/ubuntu.yml | 16 ++++++++++++++++ playbooks/develop/setup_essentials.yml | 4 ++-- playbooks/develop/ubuntu.yml | 6 ++++++ 10 files changed, 68 insertions(+), 13 deletions(-) create mode 100644 playbooks/develop/roles/prerequisites/tasks/debian.yml create mode 100644 playbooks/develop/roles/prerequisites/tasks/ubuntu.yml diff --git a/playbooks/develop/centos.yml b/playbooks/develop/centos.yml index cd236f93..292360d9 100755 --- a/playbooks/develop/centos.yml +++ b/playbooks/develop/centos.yml @@ -6,8 +6,6 @@ become: yes become_user: root vars: - bench_repo_path: "/home/{{ ansible_user_id }}/.bench" - bench_path: "/home/{{ ansible_user_id }}/frappe-bench" mysql_conf_tpl: ../files/mariadb_config.cnf mysql_secure_installation: True roles: @@ -17,6 +15,11 @@ - nodejs - psutil +- name: setup bench and dev environment + hosts: localhost + vars: + bench_repo_path: "/home/{{ ansible_user_id }}/.bench" + bench_path: "/home/{{ ansible_user_id }}/frappe-bench" tasks: # setup frappe-bench - include: includes/setup_bench.yml diff --git a/playbooks/develop/debian.yml b/playbooks/develop/debian.yml index 65cce5af..4b80213a 100755 --- a/playbooks/develop/debian.yml +++ b/playbooks/develop/debian.yml @@ -6,8 +6,6 @@ become: yes become_user: root vars: - bench_repo_path: "/home/{{ ansible_user_id }}/.bench" - bench_path: "/home/{{ ansible_user_id }}/frappe-bench" mysql_conf_tpl: ../files/mariadb_config.cnf mysql_secure_installation: True roles: 
@@ -16,6 +14,12 @@ - wkhtmltopdf - nodejs - psutil + +- name: setup bench and dev environment + hosts: localhost + vars: + bench_repo_path: "/home/{{ ansible_user_id }}/.bench" + bench_path: "/home/{{ ansible_user_id }}/frappe-bench" tasks: - debug: var: run_travis diff --git a/playbooks/develop/roles/mariadb/tasks/debian.yml b/playbooks/develop/roles/mariadb/tasks/debian.yml index 449f6973..ed188c3b 100644 --- a/playbooks/develop/roles/mariadb/tasks/debian.yml +++ b/playbooks/develop/roles/mariadb/tasks/debian.yml @@ -19,3 +19,4 @@ - mariadb-client - mariadb-common - libmariadbclient-dev + - python-mysqldb diff --git a/playbooks/develop/roles/mariadb/tasks/mysql_secure_installation.yml b/playbooks/develop/roles/mariadb/tasks/mysql_secure_installation.yml index 87452291..5a326624 100644 --- a/playbooks/develop/roles/mariadb/tasks/mysql_secure_installation.yml +++ b/playbooks/develop/roles/mariadb/tasks/mysql_secure_installation.yml @@ -8,13 +8,18 @@ mysql_user: name=root host={{ item }} password={{ mysql_root_password }} state=present with_items: - localhost - - 127.0.0.1 - - ::1 ignore_errors: yes - name: Add .my.cnf template: src=my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600 +- name: Set root Password + mysql_user: name=root host={{ item }} password={{ mysql_root_password }} state=present + with_items: + - 127.0.0.1 + - ::1 + ignore_errors: yes + - name: Reload privilege tables command: 'mysql -ne "{{ item }}"' with_items: diff --git a/playbooks/develop/roles/nodejs/tasks/main.yml b/playbooks/develop/roles/nodejs/tasks/main.yml index f929c535..a72750a3 100644 --- a/playbooks/develop/roles/nodejs/tasks/main.yml +++ b/playbooks/develop/roles/nodejs/tasks/main.yml @@ -14,6 +14,7 @@ - name: Install node v6 yum: name=nodejs state=present + when: ansible_os_family == 'RedHat' - name: Add apt key for node repo apt_key: 
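Review bot: In `mysql_secure_installation.yml`, both `Set root Password` tasks carry `ignore_errors: yes`, so if setting the password fails for `127.0.0.1` or `::1` the play continues and those root accounts may be left without the intended password while the run still reports success. Remove `ignore_errors` from the new second task, which runs after `/root/.my.cnf` is written and should therefore be able to authenticate, and add `no_log: true` to both so `mysql_root_password` is not echoed in task output. Quoting the value, `password="{{ mysql_root_password }}"`, keeps a password containing spaces from being split by the key=value parser. The task list starts before and continues past this hunk.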
diff --git a/playbooks/develop/roles/prerequisites/tasks/debian.yml b/playbooks/develop/roles/prerequisites/tasks/debian.yml new file mode 100644 index 00000000..ffee520e --- /dev/null +++ b/playbooks/develop/roles/prerequisites/tasks/debian.yml @@ -0,0 +1,16 @@ +--- +- name: install pillow prerequisites for Debian < 8 + apt: pkg={{ item }} state=present + with_items: + - libtiff4-dev + - tcl8.5-dev + - tk8.5-dev + when: ansible_distribution_version | version_compare('8', 'lt') + +- name: install pillow prerequisites for Debian >= 8 + apt: pkg={{ item }} state=present + with_items: + - libtiff5-dev + - tcl8.5-dev + - tk8.5-dev + when: ansible_distribution_version | version_compare('8', 'ge') \ No newline at end of file diff --git a/playbooks/develop/roles/prerequisites/tasks/main.yml b/playbooks/develop/roles/prerequisites/tasks/main.yml index 80d208cc..7f961ebf 100644 --- a/playbooks/develop/roles/prerequisites/tasks/main.yml +++ b/playbooks/develop/roles/prerequisites/tasks/main.yml @@ -51,10 +51,8 @@ - htop - libcrypto++-dev - libfreetype6-dev - - libjpeg8-dev - liblcms2-dev - libssl-dev - - libtiff5-dev - libwebp-dev - libxext6 - libxrender1 @@ -69,8 +67,6 @@ - redis-server - screen - supervisor - - tcl8.6-dev - - tk8.6-dev - vim - xfonts-75dpi - xfonts-base @@ -78,10 +74,17 @@ - apt-transport-https - libsasl2-dev - libldap2-dev + - libjpeg8-dev when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu' +- include: ubuntu.yml + when: ansible_distribution == 'Ubuntu' + +- include: debian.yml + when: ansible_os_family == 'Debian' + # Prerequisite for MACOS -- name: install prequisites +- name: install prequisites for macos homebrew: name={{ item }} state=present with_items: - cmake diff --git a/playbooks/develop/roles/prerequisites/tasks/ubuntu.yml b/playbooks/develop/roles/prerequisites/tasks/ubuntu.yml new file mode 100644 index 00000000..0b7b1bd3 --- /dev/null +++ b/playbooks/develop/roles/prerequisites/tasks/ubuntu.yml 
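Review bot: In `prerequisites/tasks/main.yml`, the new `- include: debian.yml` is guarded by `ansible_os_family == 'Debian'`, which is also true on Ubuntu, so Ubuntu hosts run both `ubuntu.yml` and `debian.yml`, and `debian.yml` then compares an Ubuntu release such as 14.04 against `'8'`. Guard it with `when: ansible_distribution == 'Debian'` so each distribution gets only its own Pillow prerequisites. In `debian.yml` the `Debian >= 8` task still lists `tcl8.5-dev` and `tk8.5-dev` while the newer branch of `ubuntu.yml` moves to 8.6; confirm that difference is intended.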
@@ -0,0 +1,16 @@ +--- +- name: install pillow prerequisites for Ubuntu < 14.04 + apt: pkg={{ item }} state=present force=yes + with_items: + - libtiff4-dev + - tcl8.5-dev + - tk8.5-dev + when: ansible_distribution_version | version_compare('14.04', 'lt') + +- name: install pillow prerequisites for Ubuntu >= 14.04 + apt: pkg={{ item }} state=present force=yes + with_items: + - libtiff5-dev + - tcl8.6-dev + - tk8.6-dev + when: ansible_distribution_version | version_compare('14.04', 'ge') \ No newline at end of file diff --git a/playbooks/develop/setup_essentials.yml b/playbooks/develop/setup_essentials.yml index 2bbaf47b..ed9cef0f 100644 --- a/playbooks/develop/setup_essentials.yml +++ b/playbooks/develop/setup_essentials.yml @@ -38,11 +38,11 @@ become_user: root when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt') - - name: Install libselinux-python + - name: Install python selinux apt: pkg={{ item }} state=present force=yes with_items: - build-essential - python-dev - python-pip - - libselinux-python + - python-selinux when: ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu' diff --git a/playbooks/develop/ubuntu.yml b/playbooks/develop/ubuntu.yml index 361d375f..c6799c0f 100644 --- a/playbooks/develop/ubuntu.yml +++ b/playbooks/develop/ubuntu.yml @@ -16,6 +16,12 @@ - wkhtmltopdf - nodejs - psutil + +- name: setup bench and dev environment + hosts: localhost + vars: + bench_repo_path: "/home/{{ ansible_user_id }}/.bench" + bench_path: "/home/{{ ansible_user_id }}/frappe-bench" tasks: - debug: var: run_travis From e360b0702ad6d6db4d3b203794fb2bf599a900aa Mon Sep 17 00:00:00 2001 
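Review bot: Both tasks in the new prerequisites/tasks/ubuntu.yml pass `force=yes` to `apt`, which maps to apt-get's `--force-yes` and lets unauthenticated packages install instead of failing the signature check. Nothing in these package lists appears to need it, and the Debian counterpart in debian.yml installs the same kind of packages without the flag. Suggest `apt: pkg={{ item }} state=present` in both tasks. The `Install python selinux` task in setup_essentials.yml carries the same flag on a context line and deserves the same look.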
From: Saurabh Date: Mon, 28 Aug 2017 19:10:38 +0530 Subject: [PATCH 05/20] [fix] provision to specify bench name explicitly --- playbooks/develop/centos.yml | 2 +- playbooks/develop/includes/setup_mariadb.yml | 40 -------------------- playbooks/install.py | 4 ++ 3 files changed, 5 insertions(+), 41 deletions(-) delete mode 100644 playbooks/develop/includes/setup_mariadb.yml diff --git a/playbooks/develop/centos.yml b/playbooks/develop/centos.yml index 292360d9..571795aa 100755 --- a/playbooks/develop/centos.yml +++ b/playbooks/develop/centos.yml @@ -19,7 +19,7 @@ hosts: localhost vars: bench_repo_path: "/home/{{ ansible_user_id }}/.bench" - bench_path: "/home/{{ ansible_user_id }}/frappe-bench" + bench_path: "/home/{{ ansible_user_id }}/{{ bench_name }}" tasks: # setup frappe-bench - include: includes/setup_bench.yml diff --git a/playbooks/develop/includes/setup_mariadb.yml b/playbooks/develop/includes/setup_mariadb.yml deleted file mode 100644 index 2f563742..00000000 --- a/playbooks/develop/includes/setup_mariadb.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- - - name: Install MySQLdb in global env - pip: name=mysql-python version=1.2.5 - become: yes - become_user: root - - - name: Add configuration - template: src={{ mysql_config_template }} dest={{ mysql_conf_dir }}/frappe.cnf owner=root mode=0644 - become: yes - become_user: root - - - name: restart mysql linux - service: name=mysql state=restarted - become: yes - become_user: root - when: ansible_os_family == 'RedHat' or ansible_os_family == 'Debian' - - - name: Set root Password - command: mysqladmin -u root password {{ mysql_root_password }} - become: yes - become_user: root - when: mysql_root_password is defined - # incase root password is already set - ignore_errors: yes - - - name: add launchagents folder mac - file: path=~/Library/LaunchAgents state=directory - when: ansible_distribution == 'MacOSX' - - - name: add mysql to mac startup - file: src=/usr/local/opt/mariadb/homebrew.mxcl.mariadb.plist path=~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist state=link force=yes - when: ansible_distribution == 'MacOSX' - - - name: stop mysql mac - command: launchctl unload ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist - when: ansible_distribution == 'MacOSX' - - - name: start mysql mac - command: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist - when: ansible_distribution == 'MacOSX' diff --git a/playbooks/install.py b/playbooks/install.py index 1c6f7406..24c2d29e 100755 --- a/playbooks/install.py +++ b/playbooks/install.py @@ -103,6 +103,9 @@ def install_bench(args): branch = 'master' if args.production else 'develop' extra_vars.update(branch=branch) + + bench_name = 'frappe-bench' if not args.bench_name else args.bench_name + extra_vars.update(bench_name=bench_name) if args.develop: run_playbook('develop/install.yml', sudo=True, extra_vars=extra_vars) 
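Review bot: `bench_name` goes from `--bench-name` into `extra_vars` unchecked in `install_bench`, and the playbooks in this patch build `bench_path` as `/home/{{ ansible_user_id }}/{{ bench_name }}`, so a value containing `/` or `..` moves the bench outside the user's home while the playbook runs with `sudo=True`. Rejecting anything that is not a single path component before the `extra_vars.update` call would close that, e.g. fail when `os.path.basename(bench_name) != bench_name` (assuming `os` is already imported in install.py). The default is also simpler as `bench_name = args.bench_name or 'frappe-bench'`. The same check could instead live in a `type=` callable on the `--bench-name` argument added in the `parse_commandline_args` hunk; the body of `install_bench` continues outside this hunk.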
@@ -364,6 +367,7 @@ def parse_commandline_args(): # set passwords parser.add_argument('--mysql-root-password', dest='mysql_root_password', help='Set mysql root password') parser.add_argument('--admin-password', dest='admin_password', help='Set admin password') + parser.add_argument('--bench-name', dest='bench_name', help='Create bench with specified name. Default name is frappe-bench') args = parser.parse_args() From 2e6ca1613d86156085063ba9fbe1108de823533d Mon Sep 17 00:00:00 2001 
From: Saurabh Date: Tue, 29 Aug 2017 12:21:06 +0530 Subject: [PATCH 06/20] roles to setup production environment --- .../roles/nginx/tasks/setup-Debian.yml | 6 -- playbooks/install.py | 3 + playbooks/production/files/nginx.conf | 76 +++++++++++++++++++ .../includes/setup_bench_production.yml | 2 +- .../production/includes/setup_prod_env.yml | 63 --------------- playbooks/production/install.yml | 41 ++++++++-- .../bash_screen_wall/files/screen_wall.sh | 8 ++ .../roles/bash_screen_wall/tasks/main.yml | 3 + .../roles/dns_caching/handlers/main.yml | 3 + .../roles/dns_caching/tasks/main.yml | 20 +++++ .../roles/fail2ban/defaults/main.yml | 2 + .../roles/fail2ban/handlers/main.yml | 3 + .../production/roles/fail2ban/tasks/main.yml | 23 ++++++ .../templates/nginx-proxy-filter.conf.j2 | 10 +++ .../templates/nginx-proxy-jail.conf.j2 | 8 ++ .../frappe_selinux/files}/frappe_selinux.te | 2 +- .../roles/frappe_selinux/tasks/main.yml | 29 +++++++ .../production/roles/locale/defaults/main.yml | 2 + .../production/roles/locale/tasks/main.yml | 19 +++++ .../roles/logwatch/defaults/main.yml | 3 + .../production/roles/logwatch/tasks/main.yml | 6 ++ .../roles/logwatch/templates/logwatch.conf.j2 | 2 + .../roles/nginx/.travis.yml | 0 .../roles/nginx/README.md | 0 .../roles/nginx/defaults/main.yml | 0 .../roles/nginx/handlers/main.yml | 0 .../roles/nginx/meta/main.yml | 0 .../roles/nginx/tasks/main.yml | 4 + .../roles/nginx/tasks/setup-Debian.yml | 18 +++++ .../roles/nginx/tasks/setup-RedHat.yml | 0 .../roles/nginx/tasks/vhosts.yml | 0 .../roles/nginx/templates/nginx.conf.j2 | 0 .../roles/nginx/templates/nginx.repo.j2 | 0 .../roles/nginx/templates/vhosts.j2 | 0 .../roles/nginx/tests/inventory | 0 .../roles/nginx/tests/test.yml | 0 .../roles/nginx/vars/Debian.yml | 0 .../roles/nginx/vars/RedHat.yml | 0 .../production/roles/ntpd/tasks/main.yml | 9 +++ .../production/roles/swap/defaults/main.yml | 1 + .../production/roles/swap/tasks/main.yml | 18 +++++ 
.../production/templates/default_nginx.j2 | 42 ---------- 42 files changed, 306 insertions(+), 120 deletions(-) delete mode 100644 playbooks/develop/roles/nginx/tasks/setup-Debian.yml create mode 100644 playbooks/production/files/nginx.conf create mode 100644 playbooks/production/roles/bash_screen_wall/files/screen_wall.sh create mode 100644 playbooks/production/roles/bash_screen_wall/tasks/main.yml create mode 100644 playbooks/production/roles/dns_caching/handlers/main.yml create mode 100644 playbooks/production/roles/dns_caching/tasks/main.yml create mode 100644 playbooks/production/roles/fail2ban/defaults/main.yml create mode 100644 playbooks/production/roles/fail2ban/handlers/main.yml create mode 100644 playbooks/production/roles/fail2ban/tasks/main.yml create mode 100644 playbooks/production/roles/fail2ban/templates/nginx-proxy-filter.conf.j2 create mode 100644 playbooks/production/roles/fail2ban/templates/nginx-proxy-jail.conf.j2 rename playbooks/production/{templates => roles/frappe_selinux/files}/frappe_selinux.te (95%) create mode 100644 playbooks/production/roles/frappe_selinux/tasks/main.yml create mode 100644 playbooks/production/roles/locale/defaults/main.yml create mode 100644 playbooks/production/roles/locale/tasks/main.yml create mode 100644 playbooks/production/roles/logwatch/defaults/main.yml create mode 100644 playbooks/production/roles/logwatch/tasks/main.yml create mode 100644 playbooks/production/roles/logwatch/templates/logwatch.conf.j2 rename playbooks/{develop => production}/roles/nginx/.travis.yml (100%) rename playbooks/{develop => production}/roles/nginx/README.md (100%) rename playbooks/{develop => production}/roles/nginx/defaults/main.yml (100%) rename playbooks/{develop => production}/roles/nginx/handlers/main.yml (100%) rename playbooks/{develop => production}/roles/nginx/meta/main.yml (100%) rename playbooks/{develop => production}/roles/nginx/tasks/main.yml (84%) create mode 100644 
playbooks/production/roles/nginx/tasks/setup-Debian.yml rename playbooks/{develop => production}/roles/nginx/tasks/setup-RedHat.yml (100%) rename playbooks/{develop => production}/roles/nginx/tasks/vhosts.yml (100%) rename playbooks/{develop => production}/roles/nginx/templates/nginx.conf.j2 (100%) rename playbooks/{develop => production}/roles/nginx/templates/nginx.repo.j2 (100%) rename playbooks/{develop => production}/roles/nginx/templates/vhosts.j2 (100%) rename playbooks/{develop => production}/roles/nginx/tests/inventory (100%) rename playbooks/{develop => production}/roles/nginx/tests/test.yml (100%) rename playbooks/{develop => production}/roles/nginx/vars/Debian.yml (100%) rename playbooks/{develop => production}/roles/nginx/vars/RedHat.yml (100%) create mode 100644 playbooks/production/roles/ntpd/tasks/main.yml create mode 100644 playbooks/production/roles/swap/defaults/main.yml create mode 100644 playbooks/production/roles/swap/tasks/main.yml delete mode 100644 playbooks/production/templates/default_nginx.j2 diff --git a/playbooks/develop/roles/nginx/tasks/setup-Debian.yml b/playbooks/develop/roles/nginx/tasks/setup-Debian.yml deleted file mode 100644 index ced11b65..00000000 --- a/playbooks/develop/roles/nginx/tasks/setup-Debian.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Ensure nginx is installed. - apt: - pkg: nginx - state: installed - default_release: "{{ nginx_default_release }}" diff --git a/playbooks/install.py b/playbooks/install.py index 24c2d29e..3986c70a 100755 --- a/playbooks/install.py +++ b/playbooks/install.py @@ -343,6 +343,9 @@ def parse_commandline_args(): parser.add_argument('--site', dest='site', action='store', default='site1.local', help='Specifiy name for your first ERPNext site') + + parser.add_argument('--without-site', dest='without_site', action='store_true', + default=False) parser.add_argument('--verbose', dest='verbosity', action='store_true', default=False, help='Run the script in verbose mode') 
diff --git a/playbooks/production/files/nginx.conf b/playbooks/production/files/nginx.conf new file mode 100644 index 00000000..d69a3e12 --- /dev/null +++ b/playbooks/production/files/nginx.conf @@ -0,0 +1,76 @@ +user nginx; +worker_processes auto; +worker_rlimit_nofile 65535; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections {{ nginx_worker_connections or 2048 }}; + multi_accept on; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + + # keepalive_timeout 10; + # keepalive_requests 10; + + gzip on; + gzip_disable "msie6"; + gzip_http_version 1.1; + gzip_comp_level 5; + gzip_min_length 256; + gzip_proxied any; + gzip_vary on; + gzip_types + application/atom+xml + application/javascript + application/json + application/rss+xml + application/vnd.ms-fontobject + application/x-font-ttf + application/font-woff + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/svg+xml + image/x-icon + text/css + text/plain + text/x-component + ; + + server_names_hash_max_size 4096; + + open_file_cache max=65000 inactive=1m; + open_file_cache_valid 5s; + open_file_cache_min_uses 1; + open_file_cache_errors on; + + ssl_protocols SSLv3 TLSv1; + ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM; + ssl_prefer_server_ciphers on; + + client_max_body_size 50m; + large_client_header_buffers 4 32k; + + proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=web-cache:8m max_size=1000m inactive=600m; + + include /etc/nginx/conf.d/*.conf; +} 
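Review bot: The `ssl_protocols SSLv3 TLSv1;` line in the new nginx.conf enables only SSLv3 and TLS 1.0, and the `ssl_ciphers` list names `RC4` while excluding `AESGCM`, so every vhost that inherits these http-level defaults negotiates deprecated protocols and a broken stream cipher. Suggest `ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the packaged nginx and OpenSSL support it) and a cipher list without `RC4` and without `!AESGCM`, for example `ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4;`. A one-line comment above the block stating which client baseline the list targets would help the next reviewer judge changes to it.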
diff --git a/playbooks/production/includes/setup_bench_production.yml b/playbooks/production/includes/setup_bench_production.yml index 2acbb71f..0814ad1d 100644 --- a/playbooks/production/includes/setup_bench_production.yml +++ b/playbooks/production/includes/setup_bench_production.yml @@ -1,7 +1,7 @@ --- - hosts: localhost vars: - bench_path: "/home/{{ ansible_user_id }}/frappe-bench" + bench_path: "/home/{{ ansible_user_id }}/{{ bench_name }}" tasks: diff --git a/playbooks/production/includes/setup_prod_env.yml b/playbooks/production/includes/setup_prod_env.yml index ffa00c20..9a003618 100755 --- a/playbooks/production/includes/setup_prod_env.yml +++ b/playbooks/production/includes/setup_prod_env.yml 
@@ -3,60 +3,6 @@ tasks: - - name: Add nginx apt repository key for Debian < 8 - apt_key: - url: http://nginx.org/keys/nginx_signing.key - state: present - become: yes - become_user: root - when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt') - - - name: Add nginx apt repository for Debian < 8 - apt_repository: - repo: 'deb [arch=amd64,i386] http://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx' - state: present - become: yes - become_user: root - when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt') - - ##################################### - # Ubuntu Production Environment Setup - - name: Install production pre-requisites - become: yes - become_user: root - apt: pkg={{ item }} state=present - with_items: - - nginx - - screen - - vim - - htop - - git - - postfix - - supervisor - when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - - ##################################### - # CentOS Production Environment Setup - - name: Install production pre-requisites - become: yes - become_user: root - yum: pkg={{ item }} state=present - with_items: - - nginx - - screen - - vim - - htop - - git - - postfix - - MySQL-python - when: ansible_distribution == 'CentOS' - - - name: Install supervisor using yum for Centos 7 - yum: pkg=supervisor state=present - become: yes - become_user: root - when: ansible_distribution == 'CentOS' and ansible_lsb.major_release == '7' - #################################################### # Replace default nginx config with nginx template - name: Rename default nginx.conf to nginx.conf.old 
@@ -146,12 +92,3 @@ become_user: root when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - - name: insert/update inputrc for history - blockinfile: - dest: "/home/{{ ansible_user_id }}/.inputrc" - create: yes - block: | - ## arrow up - "\e[A":history-search-backward - ## arrow down - "\e[B":history-search-forward \ No newline at end of file diff --git a/playbooks/production/install.yml b/playbooks/production/install.yml index 0a2fd77d..07f8dd7d 100644 --- a/playbooks/production/install.yml +++ b/playbooks/production/install.yml @@ -1,15 +1,42 @@ --- - - hosts: localhost - # Install the common pre-requisites for the setting up bench - include: ../develop/install.yml - # Install the production environment - - include: includes/setup_prod_env.yml + #install production pre-requisites + - name: Apply basic roles + hosts: localhost + become: yes + become_user: root + vars: + - nginx_conf_file: ../files/nginx.conf + roles: + - locale + - swap + - logwatch + - bash_screen_wall + - frappe_selinux + - dns_caching + - ntpd + - nginx + - fail2ban + tasks: + - name: Set hostname + hostname: name='{{ hostname }}' + when: hostname is defined + + - name: Start NTPD + service: name=ntpd state=started + + - name: insert/update inputrc for history + blockinfile: + dest: "/home/{{ ansible_user_id }}/.inputrc" + create: yes + block: | + ## arrow up + "\e[A":history-search-backward + ## arrow down + "\e[B":history-search-forward # Setup Bench for production environment - include: includes/setup_bench_production.yml when: not run_travis - - # Setup SELinux Policy, Optional can be done later - # - include: includes/setup_selinux_policy.yml diff --git a/playbooks/production/roles/bash_screen_wall/files/screen_wall.sh b/playbooks/production/roles/bash_screen_wall/files/screen_wall.sh new file mode 100644 index 00000000..dec411e2 --- /dev/null +++ b/playbooks/production/roles/bash_screen_wall/files/screen_wall.sh 
@@ -0,0 +1,8 @@ +if [ $TERM != 'screen' ] +then + PS1='HEY! USE SCREEN '$PS1 +fi + +sw() { + screen -x $1 || screen -S $1 +} diff --git a/playbooks/production/roles/bash_screen_wall/tasks/main.yml b/playbooks/production/roles/bash_screen_wall/tasks/main.yml new file mode 100644 index 00000000..338b6fbc --- /dev/null +++ b/playbooks/production/roles/bash_screen_wall/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- name: Setup bash screen wall + copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh \ No newline at end of file diff --git a/playbooks/production/roles/dns_caching/handlers/main.yml b/playbooks/production/roles/dns_caching/handlers/main.yml new file mode 100644 index 00000000..5f7cb344 --- /dev/null +++ b/playbooks/production/roles/dns_caching/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart network manager + service: name=NetworkManager state=restarted diff --git a/playbooks/production/roles/dns_caching/tasks/main.yml b/playbooks/production/roles/dns_caching/tasks/main.yml new file mode 100644 index 00000000..334e6e26 --- /dev/null +++ b/playbooks/production/roles/dns_caching/tasks/main.yml @@ -0,0 +1,20 @@ +--- +- name: check NetworkManager.conf exists + stat: + path: /etc/NetworkManager/NetworkManager.conf + register: result + +- name: unmask NetworkManager service + command: systemctl unmask NetworkManager + when: result.stat.exists + +- name: add dnsmasq to network config + lineinfile: > + dest=/etc/NetworkManager/NetworkManager.conf + regexp="dns=" + line="dns=dnsmasq" + state=present + when: result.stat.exists + notify: + - restart network manager + diff --git a/playbooks/production/roles/fail2ban/defaults/main.yml b/playbooks/production/roles/fail2ban/defaults/main.yml new file mode 100644 index 00000000..3feadba7 --- /dev/null +++ b/playbooks/production/roles/fail2ban/defaults/main.yml @@ -0,0 +1,2 @@ +--- +fail2ban_nginx_access_log: /var/log/nginx/access.log \ No newline at end of file 
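Review bot: `$TERM` and `$1` are unquoted in the new screen_wall.sh, which is installed under /etc/profile.d and so is read by login shells: an empty or unset `TERM` turns `[ $TERM != 'screen' ]` into a test error at login, and `sw` word-splits and globs its session name. Suggest `if [ "$TERM" != 'screen' ]` and `screen -x "$1" || screen -S "$1"`. The copy task in bash_screen_wall/tasks/main.yml could also state `owner=root group=root mode=0644` so the permissions of a file sourced by every user are explicit rather than inherited from defaults.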
diff --git a/playbooks/production/roles/fail2ban/handlers/main.yml b/playbooks/production/roles/fail2ban/handlers/main.yml new file mode 100644 index 00000000..d675d4d5 --- /dev/null +++ b/playbooks/production/roles/fail2ban/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart fail2ban + service: name=fail2ban state=restarted \ No newline at end of file diff --git a/playbooks/production/roles/fail2ban/tasks/main.yml b/playbooks/production/roles/fail2ban/tasks/main.yml new file mode 100644 index 00000000..415ffbe3 --- /dev/null +++ b/playbooks/production/roles/fail2ban/tasks/main.yml @@ -0,0 +1,23 @@ +--- +- name: Install fail2ban + yum: name=fail2ban state=present + +- name: Enable fail2ban + service: name=fail2ban enabled=yes + +- name: Create jail.d + file: path=/etc/fail2ban/jail.d state=directory + +- name: Setup filters + template: src="{{item}}-filter.conf.j2" dest="/etc/fail2ban/filter.d/{{item}}.conf" + with_items: + - nginx-proxy + notify: + - restart fail2ban + +- name: setup jails + template: src="{{item}}-jail.conf.j2" dest="/etc/fail2ban/jail.d/{{item}}.conf" + with_items: + - nginx-proxy + notify: + - restart fail2ban diff --git a/playbooks/production/roles/fail2ban/templates/nginx-proxy-filter.conf.j2 b/playbooks/production/roles/fail2ban/templates/nginx-proxy-filter.conf.j2 new file mode 100644 index 00000000..27f74cd5 --- /dev/null +++ b/playbooks/production/roles/fail2ban/templates/nginx-proxy-filter.conf.j2 
@@ -0,0 +1,10 @@ +# Block IPs trying to use server as proxy. +[Definition] +failregex = .*\" 400 + .*"[A-Z]* /(cms|muieblackcat|db|cpcommerce|cgi-bin|wp-login|joomla|awstatstotals|wp-content|wp-includes|pma|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|pmadb|phpmyadmin1|phpmyadmin2).*" 4[\d][\d] + .*".*supports_implicit_sdk_logging.*" 4[\d][\d] + .*".*activities?advertiser_tracking_enabled.*" 4[\d][\d] + .*".*/picture?type=normal.*" 4[\d][\d] + .*".*/announce.php?info_hash=.*" 4[\d][\d] + +ignoreregex = \ No newline at end of file diff --git a/playbooks/production/roles/fail2ban/templates/nginx-proxy-jail.conf.j2 b/playbooks/production/roles/fail2ban/templates/nginx-proxy-jail.conf.j2 new file mode 100644 index 00000000..23a1dfc7 --- /dev/null +++ b/playbooks/production/roles/fail2ban/templates/nginx-proxy-jail.conf.j2 @@ -0,0 +1,8 @@ +## block hosts trying to abuse our server as a forward proxy +[nginx-proxy] +enabled = true +filter = nginx-proxy +logpath = {{ fail2ban_nginx_access_log }} +action = iptables-multiport[name=NoNginxProxy, port="http,https"] +maxretry = 2 +bantime = 86400 \ No newline at end of file diff --git a/playbooks/production/templates/frappe_selinux.te b/playbooks/production/roles/frappe_selinux/files/frappe_selinux.te similarity index 95% rename from playbooks/production/templates/frappe_selinux.te rename to playbooks/production/roles/frappe_selinux/files/frappe_selinux.te index 0551ebad..b8cd1f0f 100644 --- a/playbooks/production/templates/frappe_selinux.te +++ b/playbooks/production/roles/frappe_selinux/files/frappe_selinux.te @@ -29,4 +29,4 @@ allow httpd_t user_home_t:file open; allow httpd_t user_home_t:file read; #!!!! This avc is allowed in the current policy -allow httpd_t user_home_t:lnk_file read; +allow httpd_t user_home_t:lnk_file read; \ No newline at end of file 
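Review bot: Three failregex lines in nginx-proxy-filter.conf.j2 contain an unescaped `?` (`activities?advertiser_tracking_enabled`, `/picture?type=normal`, `/announce.php?info_hash=`), which the regex engine reads as a quantifier, so they cannot match a request line that has a literal `?` and those rules never fire on the URLs they describe. Escaping fixes it, e.g. `/picture\?type=normal` and `/announce\.php\?info_hash=`. Separately, the first rule matches any response with status 400, and with `maxretry = 2` and `bantime = 86400` in the jail two malformed requests ban an address for a day; that looks broad for clients behind a shared NAT, so a comment stating the intended threshold, or a higher `maxretry`, would be worth adding.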
diff --git a/playbooks/production/roles/frappe_selinux/tasks/main.yml b/playbooks/production/roles/frappe_selinux/tasks/main.yml new file mode 100644 index 00000000..79c19d5b --- /dev/null +++ b/playbooks/production/roles/frappe_selinux/tasks/main.yml @@ -0,0 +1,29 @@ +--- +- name: Install deps + yum: name="{{item}}" state=present + with_items: + - policycoreutils-python + - selinux-policy-devel + when: ansible_distribution == 'CentOS' + +- name: Install SELinux for Ubuntu + apt: name={{ item }} state=present + with_items: + - selinux + - selinux-policy-dev + when: ansible_distribution == 'Ubuntu' + +- name: Check enabled SELinux modules + shell: semanage module -l + register: enabled_modules + +- name: Copy frappe_selinux policy + copy: src=frappe_selinux.te dest=/root/frappe_selinux.te + register: dest_frappe_selinux_te + +- name: Compile frappe_selinux policy + shell: "make -f /usr/share/selinux/devel/Makefile frappe_selinux.pp && semodule -i frappe_selinux.pp" + args: + chdir: /root/ + when: "enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed" + diff --git a/playbooks/production/roles/locale/defaults/main.yml b/playbooks/production/roles/locale/defaults/main.yml new file mode 100644 index 00000000..3b713b45 --- /dev/null +++ b/playbooks/production/roles/locale/defaults/main.yml @@ -0,0 +1,2 @@ +locale_keymap: us +locale_lang: en_US.utf8 \ No newline at end of file diff --git a/playbooks/production/roles/locale/tasks/main.yml b/playbooks/production/roles/locale/tasks/main.yml new file mode 100644 index 00000000..4e402ca2 --- /dev/null +++ b/playbooks/production/roles/locale/tasks/main.yml 
@@ -0,0 +1,19 @@ +--- +- name: Check current locale + shell: localectl + register: locale_test + +- name: Set Locale + command: "localectl set-locale LANG={{ locale_lang }}" + when: locale_test.stdout.find('LANG={{ locale_lang }}') == -1 + +- name: Set keymap + command: "localectl set-keymap {{ locale_keymap }}" + when: "locale_test.stdout.find('Keymap: {{locale_keymap}}') == -1" + +- name: Set Locale as en_US + lineinfile: dest=/etc/environment backup=yes line="{{ item }}" + with_items: + - "LC_ALL=en_US.UTF-8" + - "LC_CTYPE=en_US.UTF-8" + - "LANG=en_US.UTF-8" \ No newline at end of file diff --git a/playbooks/production/roles/logwatch/defaults/main.yml b/playbooks/production/roles/logwatch/defaults/main.yml new file mode 100644 index 00000000..7c82c654 --- /dev/null +++ b/playbooks/production/roles/logwatch/defaults/main.yml @@ -0,0 +1,3 @@ +--- +logwatch_emails: "{{ admin_emails }}" +logwatch_detail: High diff --git a/playbooks/production/roles/logwatch/tasks/main.yml b/playbooks/production/roles/logwatch/tasks/main.yml new file mode 100644 index 00000000..6d129c69 --- /dev/null +++ b/playbooks/production/roles/logwatch/tasks/main.yml @@ -0,0 +1,6 @@ +--- +- name: Install logwatch + yum: name=logwatch state=present + +- name: Copy logwatch config + template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes \ No newline at end of file diff --git a/playbooks/production/roles/logwatch/templates/logwatch.conf.j2 b/playbooks/production/roles/logwatch/templates/logwatch.conf.j2 new file mode 100644 index 00000000..a5c45cf8 --- /dev/null +++ b/playbooks/production/roles/logwatch/templates/logwatch.conf.j2 @@ -0,0 +1,2 @@ +MailTo = {{ logwatch_emails }} +Detail = {{ logwatch_detail }} \ No newline at end of file diff --git a/playbooks/develop/roles/nginx/.travis.yml b/playbooks/production/roles/nginx/.travis.yml similarity index 100% rename from playbooks/develop/roles/nginx/.travis.yml rename to playbooks/production/roles/nginx/.travis.yml 
diff --git a/playbooks/develop/roles/nginx/README.md b/playbooks/production/roles/nginx/README.md similarity index 100% rename from playbooks/develop/roles/nginx/README.md rename to playbooks/production/roles/nginx/README.md diff --git a/playbooks/develop/roles/nginx/defaults/main.yml b/playbooks/production/roles/nginx/defaults/main.yml similarity index 100% rename from playbooks/develop/roles/nginx/defaults/main.yml rename to playbooks/production/roles/nginx/defaults/main.yml diff --git a/playbooks/develop/roles/nginx/handlers/main.yml b/playbooks/production/roles/nginx/handlers/main.yml similarity index 100% rename from playbooks/develop/roles/nginx/handlers/main.yml rename to playbooks/production/roles/nginx/handlers/main.yml diff --git a/playbooks/develop/roles/nginx/meta/main.yml b/playbooks/production/roles/nginx/meta/main.yml similarity index 100% rename from playbooks/develop/roles/nginx/meta/main.yml rename to playbooks/production/roles/nginx/meta/main.yml diff --git a/playbooks/develop/roles/nginx/tasks/main.yml b/playbooks/production/roles/nginx/tasks/main.yml similarity index 84% rename from playbooks/develop/roles/nginx/tasks/main.yml rename to playbooks/production/roles/nginx/tasks/main.yml index 790e8f24..ce7b4f27 100644 --- a/playbooks/develop/roles/nginx/tasks/main.yml +++ b/playbooks/production/roles/nginx/tasks/main.yml @@ -15,6 +15,10 @@ - include: setup-Debian.yml when: ansible_os_family == 'Debian' +# Replace default nginx config with nginx template +- name: Rename default nginx.conf to nginx.conf.old + command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old + # Nginx setup. - name: Copy nginx configuration in place. template: diff --git a/playbooks/production/roles/nginx/tasks/setup-Debian.yml b/playbooks/production/roles/nginx/tasks/setup-Debian.yml new file mode 100644 index 00000000..2f50fb37 --- /dev/null +++ b/playbooks/production/roles/nginx/tasks/setup-Debian.yml 
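Review bot: The added `Rename default nginx.conf to nginx.conf.old` task in nginx/tasks/main.yml runs `mv` unconditionally, so a second run overwrites the saved distribution file with the config this role rendered on the first run, and the task fails if nginx.conf is absent. Guarding it keeps the original backup: `command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old creates=/etc/nginx/nginx.conf.old`. Alternatively drop the task and set `backup: yes` on the template task that follows, whose body continues outside this hunk.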
@@ -0,0 +1,18 @@ +--- +- name: Add nginx apt repository key for Debian < 8 + apt_key: + url: http://nginx.org/keys/nginx_signing.key + state: present + when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt') + +- name: Add nginx apt repository for Debian < 8 + apt_repository: + repo: 'deb [arch=amd64,i386] http://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx' + state: present + when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt') + +- name: Ensure nginx is installed. + apt: + pkg: nginx + state: installed + default_release: "{{ nginx_default_release }}" diff --git a/playbooks/develop/roles/nginx/tasks/setup-RedHat.yml b/playbooks/production/roles/nginx/tasks/setup-RedHat.yml similarity index 100% rename from playbooks/develop/roles/nginx/tasks/setup-RedHat.yml rename to playbooks/production/roles/nginx/tasks/setup-RedHat.yml diff --git a/playbooks/develop/roles/nginx/tasks/vhosts.yml b/playbooks/production/roles/nginx/tasks/vhosts.yml similarity index 100% rename from playbooks/develop/roles/nginx/tasks/vhosts.yml rename to playbooks/production/roles/nginx/tasks/vhosts.yml diff --git a/playbooks/develop/roles/nginx/templates/nginx.conf.j2 b/playbooks/production/roles/nginx/templates/nginx.conf.j2 similarity index 100% rename from playbooks/develop/roles/nginx/templates/nginx.conf.j2 rename to playbooks/production/roles/nginx/templates/nginx.conf.j2 diff --git a/playbooks/develop/roles/nginx/templates/nginx.repo.j2 b/playbooks/production/roles/nginx/templates/nginx.repo.j2 similarity index 100% rename from playbooks/develop/roles/nginx/templates/nginx.repo.j2 rename to playbooks/production/roles/nginx/templates/nginx.repo.j2 
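Review bot: The `apt_key` task in the new setup-Debian.yml downloads the nginx signing key from `http://nginx.org/keys/nginx_signing.key`, so the key that anchors trust in the repository is fetched over an unauthenticated channel and can be substituted in transit. Suggest `url: https://nginx.org/keys/nginx_signing.key` together with `id: NGINX_SIGNING_KEY_ID_PLACEHOLDER` (placeholder; take the value from nginx.org's published key) so the task rejects any other key. The `deb` line in the following task uses plain HTTP as well; package signatures cover the content once the right key is installed, but moving it to HTTPS would need `apt-transport-https` present on these Debian < 8 hosts first.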
diff --git a/playbooks/develop/roles/nginx/templates/vhosts.j2 b/playbooks/production/roles/nginx/templates/vhosts.j2 similarity index 100% rename from playbooks/develop/roles/nginx/templates/vhosts.j2 rename to playbooks/production/roles/nginx/templates/vhosts.j2 diff --git a/playbooks/develop/roles/nginx/tests/inventory b/playbooks/production/roles/nginx/tests/inventory similarity index 100% rename from playbooks/develop/roles/nginx/tests/inventory rename to playbooks/production/roles/nginx/tests/inventory diff --git a/playbooks/develop/roles/nginx/tests/test.yml b/playbooks/production/roles/nginx/tests/test.yml similarity index 100% rename from playbooks/develop/roles/nginx/tests/test.yml rename to playbooks/production/roles/nginx/tests/test.yml diff --git a/playbooks/develop/roles/nginx/vars/Debian.yml b/playbooks/production/roles/nginx/vars/Debian.yml similarity index 100% rename from playbooks/develop/roles/nginx/vars/Debian.yml rename to playbooks/production/roles/nginx/vars/Debian.yml diff --git a/playbooks/develop/roles/nginx/vars/RedHat.yml b/playbooks/production/roles/nginx/vars/RedHat.yml similarity index 100% rename from playbooks/develop/roles/nginx/vars/RedHat.yml rename to playbooks/production/roles/nginx/vars/RedHat.yml diff --git a/playbooks/production/roles/ntpd/tasks/main.yml b/playbooks/production/roles/ntpd/tasks/main.yml new file mode 100644 index 00000000..19881f82 --- /dev/null +++ b/playbooks/production/roles/ntpd/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: Install ntpd + yum: name="{{item}}" state=installed + with_items: + - ntp + - ntpdate + +- name: enable ntpd + service: name=ntpd enabled=yes state=started \ No newline at end of file diff --git a/playbooks/production/roles/swap/defaults/main.yml b/playbooks/production/roles/swap/defaults/main.yml new file mode 100644 index 00000000..3eac0ae0 --- /dev/null +++ b/playbooks/production/roles/swap/defaults/main.yml @@ -0,0 +1 @@ +swap_size_mb: 1024 \ No newline at end of file 
diff --git a/playbooks/production/roles/swap/tasks/main.yml b/playbooks/production/roles/swap/tasks/main.yml new file mode 100644 index 00000000..1d61d2f4 --- /dev/null +++ b/playbooks/production/roles/swap/tasks/main.yml @@ -0,0 +1,18 @@ +- name: Create swap space + command: dd if=/dev/zero of=/extraswap bs=1M count={{swap_size_mb}} + when: ansible_swaptotal_mb < 1 + +- name: Make swap + command: mkswap /extraswap + when: ansible_swaptotal_mb < 1 + +- name: Add to fstab + action: lineinfile dest=/etc/fstab regexp="extraswap" line="/extraswap none swap sw 0 0" state=present + when: ansible_swaptotal_mb < 1 + +- name: Turn swap on + command: swapon -a + when: ansible_swaptotal_mb < 1 + +- name: Set swapiness + shell: echo 1 | tee /proc/sys/vm/swappiness \ No newline at end of file diff --git a/playbooks/production/templates/default_nginx.j2 b/playbooks/production/templates/default_nginx.j2 deleted file mode 100644 index 4170888d..00000000 --- a/playbooks/production/templates/default_nginx.j2 +++ /dev/null 
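Review bot: The swap file written by `dd if=/dev/zero of=/extraswap` in the new swap/tasks/main.yml is never given restrictive permissions before `mkswap`, so it keeps whatever mode root's umask yields (commonly 0644) and paged-out memory becomes readable by local users. Add a task between `Create swap space` and `Make swap`: `file: path=/extraswap owner=root group=root mode=0600`, with the same `when: ansible_swaptotal_mb < 1`. The last task writes `/proc/sys/vm/swappiness` through a shell on every run and the value does not survive a reboot; the `sysctl` module with `name=vm.swappiness value=1` would persist it and report changes accurately.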
@@ -1,42 +0,0 @@
-# For more information on configuration, see:
-# * Official English Documentation: http://nginx.org/en/docs/
-# * Official Russian Documentation: http://nginx.org/ru/docs/
-
-{% if ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' %}
- {% set nginx_user = 'www-data'%}
-{% elif ansible_distribution == 'CentOS' %}
- {% set nginx_user = 'nginx '%}
-{% else %}
- {% set nginx_user = 'nobody' %}
-{% endif %}
-
-user {{ nginx_user }};
-worker_processes auto;
-error_log /var/log/nginx/error.log;
-pid /run/nginx.pid;
-
-events {
- worker_connections {{ max_worker_connections }};
-}
-
-http {
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
-
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- # Load modular configuration files from the /etc/nginx/conf.d directory.
- # See http://nginx.org/en/docs/ngx_core_module.html#include
- # for more information.
- include /etc/nginx/conf.d/*.conf;
-}
From 25255034291ca63e7862ac2eb515508659dd1dbc Mon Sep 17 00:00:00 2001
From: Saurabh Date: Tue, 29 Aug 2017 12:40:26 +0530 Subject: [PATCH 07/20] [fix] setup logwatch for debian and ubuntu --- playbooks/production/files/nginx.conf | 2 +- playbooks/production/includes/setup_inputrc.yml | 12 ++++++++++++ playbooks/production/install.yml | 17 +++++++---------- .../production/roles/fail2ban/tasks/main.yml | 5 +++++ .../roles/frappe_selinux/tasks/main.yml | 16 +++++++++------- .../production/roles/logwatch/tasks/main.yml | 8 +++++++- playbooks/production/roles/nginx/tasks/main.yml | 1 + playbooks/production/roles/ntpd/tasks/main.yml | 16 +++++++++++++++- 8 files changed, 57 insertions(+), 20 deletions(-) create mode 100644 playbooks/production/includes/setup_inputrc.yml diff --git a/playbooks/production/files/nginx.conf b/playbooks/production/files/nginx.conf index d69a3e12..477b9904 100644 --- a/playbooks/production/files/nginx.conf +++ b/playbooks/production/files/nginx.conf @@ -1,4 +1,4 @@ -user nginx; +user {{ nginx_user }}; worker_processes auto; worker_rlimit_nofile 65535; diff --git a/playbooks/production/includes/setup_inputrc.yml b/playbooks/production/includes/setup_inputrc.yml new file mode 100644 index 00000000..6cf0b926 --- /dev/null +++ b/playbooks/production/includes/setup_inputrc.yml @@ -0,0 +1,12 @@ +--- +- hosts: localhost + tasks: + - name: insert/update inputrc for history + blockinfile: + dest: "/home/{{ ansible_user_id }}/.inputrc" + create: yes + block: | + ## arrow up + "\e[A":history-search-backward + ## arrow down + "\e[B":history-search-forward \ No newline at end of file diff --git a/playbooks/production/install.yml b/playbooks/production/install.yml index 07f8dd7d..0f58a058 100644 --- a/playbooks/production/install.yml +++ b/playbooks/production/install.yml @@ -8,7 +8,7 @@ become: yes become_user: root vars: - - nginx_conf_file: ../files/nginx.conf + - nginx_conf_file: files/nginx.conf roles: - locale - swap 
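Review bot: `user {{ nginx_user }};` makes `files/nginx.conf` depend on Jinja2 rendering, but nothing in this patch defines `nginx_user` or shows how the file is deployed. If the nginx role ships it with `copy` the braces land in the config verbatim, and if it is templated with the variable undefined the play aborts; either way the account the workers run as is no longer pinned in the file. Confirm the role's `vars/Debian.yml` and `vars/RedHat.yml` set the variable for every supported family, and consider a default in the role's `defaults/main.yml` so an unexpected distribution cannot fall through.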
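Review bot: `setup_inputrc.yml` is written as a play (`- hosts: localhost` with its own `tasks:`), yet the install.yml hunk later in this patch pulls it in with `- include: includes/setup_inputrc.yml` from what appears to be a play's task list, where a plain task file is expected. Drop the `hosts:`/`tasks:` wrapper here, or move the include to play level. Also, `dest: "/home/{{ ansible_user_id }}/.inputrc"` assumes every home lives under `/home`; if facts are gathered under `become_user: root` this may resolve to `/home/root`, so `dest: "{{ ansible_env.HOME }}/.inputrc"` or an explicit user variable would be safer.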
@@ -26,16 +26,13 @@ - name: Start NTPD service: name=ntpd state=started + when: ansible_distribution == 'CentOS' - - name: insert/update inputrc for history - blockinfile: - dest: "/home/{{ ansible_user_id }}/.inputrc" - create: yes - block: | - ## arrow up - "\e[A":history-search-backward - ## arrow down - "\e[B":history-search-forward + - name: Start NTPD + service: name=ntp state=started + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' + + - include: includes/setup_inputrc.yml # Setup Bench for production environment - include: includes/setup_bench_production.yml diff --git a/playbooks/production/roles/fail2ban/tasks/main.yml b/playbooks/production/roles/fail2ban/tasks/main.yml index 415ffbe3..d7866036 100644 --- a/playbooks/production/roles/fail2ban/tasks/main.yml +++ b/playbooks/production/roles/fail2ban/tasks/main.yml @@ -1,6 +1,11 @@ --- - name: Install fail2ban yum: name=fail2ban state=present + when: ansible_distribution == 'CentOS' + +- name: Install fail2ban + apt: name=fail2ban state=present + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - name: Enable fail2ban service: name=fail2ban enabled=yes diff --git a/playbooks/production/roles/frappe_selinux/tasks/main.yml b/playbooks/production/roles/frappe_selinux/tasks/main.yml index 79c19d5b..d2ef05f7 100644 --- a/playbooks/production/roles/frappe_selinux/tasks/main.yml +++ b/playbooks/production/roles/frappe_selinux/tasks/main.yml 
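Review bot: A host that is neither CentOS nor Debian/Ubuntu (RHEL or Fedora, for instance) now skips both "Install fail2ban" tasks without any message, and the unconditional "Enable fail2ban" task then either fails or leaves the host without the protection the role is meant to provide. Key the two tasks on the family instead, `when: ansible_os_family == 'RedHat'` and `when: ansible_os_family == 'Debian'`, or collapse them into one `package: name=fail2ban state=present`, and give tasks that remain separate distinct names. The same distribution-only split is repeated in the logwatch and ntpd hunks of this patch and in the "Start NTPD" tasks of install.yml.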
@@ -6,24 +6,26 @@ - selinux-policy-devel when: ansible_distribution == 'CentOS' -- name: Install SELinux for Ubuntu - apt: name={{ item }} state=present - with_items: - - selinux - - selinux-policy-dev - when: ansible_distribution == 'Ubuntu' +# - name: Install SELinux for Ubuntu +# apt: name={{ item }} state=present +# with_items: +# - selinux +# - selinux-policy-dev +# when: ansible_distribution == 'Ubuntu' - name: Check enabled SELinux modules shell: semanage module -l register: enabled_modules + when: ansible_distribution == 'CentOS' - name: Copy frappe_selinux policy copy: src=frappe_selinux.te dest=/root/frappe_selinux.te register: dest_frappe_selinux_te + when: ansible_distribution == 'CentOS' - name: Compile frappe_selinux policy shell: "make -f /usr/share/selinux/devel/Makefile frappe_selinux.pp && semodule -i frappe_selinux.pp" args: chdir: /root/ - when: "enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed" + when: "ansible_distribution == 'CentOS' and enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed" diff --git a/playbooks/production/roles/logwatch/tasks/main.yml b/playbooks/production/roles/logwatch/tasks/main.yml index 6d129c69..7d44e2bb 100644 --- a/playbooks/production/roles/logwatch/tasks/main.yml +++ b/playbooks/production/roles/logwatch/tasks/main.yml @@ -1,6 +1,12 @@ --- - name: Install logwatch yum: name=logwatch state=present + when: ansible_distribution == 'CentOS' + +- name: Install logwatch on Ubuntu or Debian + apt: name=logwatch state=present + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - name: Copy logwatch config - template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes \ No newline at end of file + template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes + when: admin_emails is defined \ No newline at end of file 
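Review bot: The new condition on "Compile frappe_selinux policy" mixes `and` and `or` without parentheses, so it is evaluated as `(CentOS and module missing) or dest_frappe_selinux_te.changed`; it stays false off CentOS only because the skipped copy task happens to report unchanged. State the intent explicitly: `when: ansible_distribution == 'CentOS' and (enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed)`. The commented-out Ubuntu block would be better deleted than kept as dead YAML, and the read-only `semanage module -l` task could carry `changed_when: false`. The task list begins above this hunk, so the first install task is only partly visible.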
diff --git a/playbooks/production/roles/nginx/tasks/main.yml b/playbooks/production/roles/nginx/tasks/main.yml index ce7b4f27..b7718107 100644 --- a/playbooks/production/roles/nginx/tasks/main.yml +++ b/playbooks/production/roles/nginx/tasks/main.yml @@ -18,6 +18,7 @@ # Replace default nginx config with nginx template - name: Rename default nginx.conf to nginx.conf.old command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old + when: ansible_os_family == 'Debian' # Nginx setup. - name: Copy nginx configuration in place. diff --git a/playbooks/production/roles/ntpd/tasks/main.yml b/playbooks/production/roles/ntpd/tasks/main.yml index 19881f82..9babcb45 100644 --- a/playbooks/production/roles/ntpd/tasks/main.yml +++ b/playbooks/production/roles/ntpd/tasks/main.yml @@ -4,6 +4,20 @@ with_items: - ntp - ntpdate + when: ansible_distribution == 'CentOS' - name: enable ntpd - service: name=ntpd enabled=yes state=started \ No newline at end of file + service: name=ntpd enabled=yes state=started + when: ansible_distribution == 'CentOS' + +- name: Install ntpd + apt: name="{{item}}" state=installed + with_items: + - ntp + - ntpdate + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' + +- name: enable ntpd + service: name=ntp enabled=yes state=started + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' + From 22a826bbdee48651db3ff33c2dec85c56a971b0c Mon Sep 17 00:00:00 2001 
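Review bot: The `mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old` task that gains a `when:` here is still not idempotent: on a second run it moves the already-managed nginx.conf over the saved original, so the distribution's file is lost and there is nothing to roll back to. Adding `creates=/etc/nginx/nginx.conf.old` to the `command:` line would make it run once only. The template task that follows lies outside the hunk, so whether it already uses `backup=yes` (which would make this task unnecessary) cannot be seen from here.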
From: Saurabh Date: Tue, 29 Aug 2017 18:51:47 +0530 Subject: [PATCH 08/20] comnify distribution wise setup and install prerequisites separately --- playbooks/develop/centos.yml | 1 - playbooks/develop/install.yml | 43 ++++++-- .../roles/prerequisites/tasks/main.yml | 94 ------------------ .../tasks => prerequisites}/debian.yml | 0 .../prerequisites/install_prerequisites.yml | 98 +++++++++++++++++++ .../tasks => prerequisites}/ubuntu.yml | 0 6 files changed, 135 insertions(+), 101 deletions(-) delete mode 100644 playbooks/develop/roles/prerequisites/tasks/main.yml rename playbooks/{develop/roles/prerequisites/tasks => prerequisites}/debian.yml (100%) create mode 100644 playbooks/prerequisites/install_prerequisites.yml rename playbooks/{develop/roles/prerequisites/tasks => prerequisites}/ubuntu.yml (100%) diff --git a/playbooks/develop/centos.yml b/playbooks/develop/centos.yml index 571795aa..8cc9c2d9 100755 --- a/playbooks/develop/centos.yml +++ b/playbooks/develop/centos.yml @@ -9,7 +9,6 @@ mysql_conf_tpl: ../files/mariadb_config.cnf mysql_secure_installation: True roles: - - prerequisites - mariadb - wkhtmltopdf - nodejs diff --git a/playbooks/develop/install.yml b/playbooks/develop/install.yml index be793add..eb44b08c 100644 --- a/playbooks/develop/install.yml +++ b/playbooks/develop/install.yml 
@@ -1,14 +1,45 @@ --- - hosts: localhost +- include: setup_essentials.yml + +- include: ../prerequisites/install_prerequisites.yml + - include: macosx.yml when: ansible_distribution == 'MacOSX' -- include: ubuntu.yml - when: ansible_distribution == 'Ubuntu' +- name: "Setup mariadb, wkhtmltopdf, nodejs and psutil" + hosts: localhost + become: yes + become_user: root + vars: + mysql_conf_tpl: ../files/mariadb_config.cnf + mysql_secure_installation: True + roles: + - mariadb + - wkhtmltopdf + - nodejs + - psutil -- include: centos.yml - when: ansible_distribution == 'CentOS' +- name: setup bench and dev environment + hosts: localhost + vars: + bench_repo_path: "/home/{{ ansible_user_id }}/.bench" + bench_path: "/home/{{ ansible_user_id }}/{{ bench_name }}" + tasks: + # setup frappe-bench + - include: includes/setup_bench.yml + when: not run_travis and not without_bench_setup -- include: debian.yml - when: ansible_distribution == 'Debian' \ No newline at end of file + # setup development environment + - include: includes/setup_dev_env.yml + when: not run_travis and not production + +# - include: ubuntu.yml +# when: ansible_distribution == 'Ubuntu' +# +# - include: centos.yml +# when: ansible_distribution == 'CentOS' +# +# - include: debian.yml +# when: ansible_distribution == 'Debian' \ No newline at end of file diff --git a/playbooks/develop/roles/prerequisites/tasks/main.yml b/playbooks/develop/roles/prerequisites/tasks/main.yml deleted file mode 100644 index 7f961ebf..00000000 --- a/playbooks/develop/roles/prerequisites/tasks/main.yml +++ /dev/null 
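Review bot: `bench_repo_path` and `bench_path` hard-code `/home/{{ ansible_user_id }}`, and this play now runs for every platform, including the MacOSX branch included just above it, where home directories are not under `/home`. Deriving both from `{{ ansible_env.HOME }}` keeps the paths correct on all targets. The `when:` clauses also read `run_travis`, `without_bench_setup` and `production` with no defaults, so a caller that omits one gets an undefined-variable failure; `not (run_travis | default(false))` and likewise for the others would be more forgiving. The commented-out `include` block at the end is dead YAML and is better deleted than kept.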
@@ -1,94 +0,0 @@
----
-# Prerequisite for centos
-- name: Install yum packages
- yum: name={{ item }} state=present
- with_items:
- - bzip2-devel
- - cronie
- - dnsmasq
- - freetype-devel
- - git
- - htop
- - lcms2-devel
- - libjpeg-devel
- - libtiff-devel
- - libffi-devel
- - libwebp-devel
- - libXext
- - libXrender
- - libzip-devel
- - libffi-devel
- - ntp
- - openssl-devel
- - postfix
- - python-devel
- - python-setuptools
- - python-pip
- - redis
- - screen
- - sudo
- - supervisor
- - tcl-devel
- - tk-devel
- - vim
- - which
- - xorg-x11-fonts-75dpi
- - xorg-x11-fonts-Type1
- - zlib-devel
- - openssl-devel
- - openldap-devel
- when: ansible_os_family == 'RedHat'
-
-# Prerequisite for Debian and Ubuntu
-- name: Install apt packages
- apt: pkg={{ item }} state=present force=yes
- with_items:
- - build-essential
- - software-properties-common
- - dnsmasq
- - fontconfig
- - git
- - htop
- - libcrypto++-dev
- - libfreetype6-dev
- - liblcms2-dev
- - libssl-dev
- - libwebp-dev
- - libxext6
- - libxrender1
- - libxslt1-dev
- - libxslt1.1
- - libffi-dev
- - ntp
- - postfix
- - python-dev
- - python-pip
- - python-tk
- - redis-server
- - screen
- - supervisor
- - vim
- - xfonts-75dpi
- - xfonts-base
- - zlib1g-dev
- - apt-transport-https
- - libsasl2-dev
- - libldap2-dev
- - libjpeg8-dev
- when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu'
-
-- include: ubuntu.yml
- when: ansible_distribution == 'Ubuntu'
-
-- include: debian.yml
- when: ansible_os_family == 'Debian'
-
-# Prerequisite for MACOS
-- name: install prequisites for macos
- homebrew: name={{ item }} state=present
- with_items:
- - cmake
- - redis
- - mariadb
- - nodejs
- when: ansible_distribution == 'MacOSX'
\ No newline at end of file
diff --git a/playbooks/develop/roles/prerequisites/tasks/debian.yml b/playbooks/prerequisites/debian.yml
similarity index 100%
rename from playbooks/develop/roles/prerequisites/tasks/debian.yml
rename to playbooks/prerequisites/debian.yml
diff --git a/playbooks/prerequisites/install_prerequisites.yml b/playbooks/prerequisites/install_prerequisites.yml
new file mode 100644
index 00000000..0fcd2654
--- /dev/null
+++ b/playbooks/prerequisites/install_prerequisites.yml
@@ -0,0 +1,98 @@
+---
+- name: "Setup prerequisites"
+ hosts: localhost
+ become: yes
+ become_user: root
+ tasks:
+ - name: Install yum packages
+ yum: name={{ item }} state=present
+ with_items:
+ - bzip2-devel
+ - cronie
+ - dnsmasq
+ - freetype-devel
+ - git
+ - htop
+ - lcms2-devel
+ - libjpeg-devel
+ - libtiff-devel
+ - libffi-devel
+ - libwebp-devel
+ - libXext
+ - libXrender
+ - libzip-devel
+ - libffi-devel
+ - ntp
+ - openssl-devel
+ - postfix
+ - python-devel
+ - python-setuptools
+ - python-pip
+ - redis
+ - screen
+ - sudo
+ - supervisor
+ - tcl-devel
+ - tk-devel
+ - vim
+ - which
+ - xorg-x11-fonts-75dpi
+ - xorg-x11-fonts-Type1
+ - zlib-devel
+ - openssl-devel
+ - openldap-devel
+ when: ansible_os_family == 'RedHat'
+
+ # Prerequisite for Debian and Ubuntu
+ - name: Install apt packages
+ apt: pkg={{ item }} state=present force=yes
+ with_items:
+ - build-essential
+ - software-properties-common
+ - dnsmasq
+ - fontconfig
+ - git
+ - htop
+ - libcrypto++-dev
+ - libfreetype6-dev
+ - liblcms2-dev
+ - libssl-dev
+ - libwebp-dev
+ - libxext6
+ - libxrender1
+ - libxslt1-dev
+ - libxslt1.1
+ - libffi-dev
+ - ntp
+ - postfix
+ - python-dev
+ - python-pip
+ - python-tk
+ - redis-server
+ - screen
+ - supervisor
+ - vim
+ - xfonts-75dpi
+ - xfonts-base
+ - zlib1g-dev
+ - apt-transport-https
+ - libsasl2-dev
+ - libldap2-dev
+ - libjpeg8-dev
+ when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu'
+
+ - include: ubuntu.yml
+ when: ansible_distribution == 'Ubuntu'
+
+ - include: debian.yml
+ when: ansible_os_family == 'Debian'
+
+ # Prerequisite for MACOS
+ - name: install prequisites for macos
+ homebrew: name={{ item }} state=present
+ with_items:
+ - cmake
+ - redis
+ - mariadb
+ - nodejs
+ when: ansible_distribution == 'MacOSX'
\ No newline at end of file
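Review bot: "Install apt packages" still carries `force=yes`, which maps to apt-get's `--force-yes` and lets unauthenticated packages and downgrades install without a prompt, so a tampered or mis-signed repository would not stop the run. None of the listed packages visibly needs it; the line should read `apt: pkg={{ item }} state=present`, and if one package really requires an override it belongs in its own task with a comment explaining why. Note also that `- include: debian.yml` is guarded by `ansible_os_family == 'Debian'`, which is true on Ubuntu as well, so Ubuntu hosts get both ubuntu.yml and debian.yml; `ansible_distribution == 'Debian'` is probably what was meant.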
diff --git a/playbooks/develop/roles/prerequisites/tasks/ubuntu.yml b/playbooks/prerequisites/ubuntu.yml similarity index 100% rename from playbooks/develop/roles/prerequisites/tasks/ubuntu.yml rename to playbooks/prerequisites/ubuntu.yml From f13dcbd958dce02192efeec89bacccb0e7d7dd03 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Tue, 29 Aug 2017 19:18:05 +0530 Subject: [PATCH 09/20] remove distribution specific files --- playbooks/develop/centos.yml | 29 ----------------------------- playbooks/develop/install.yml | 9 --------- playbooks/develop/ubuntu.yml | 35 ----------------------------------- 3 files changed, 73 deletions(-) delete mode 100755 playbooks/develop/centos.yml delete mode 100644 playbooks/develop/ubuntu.yml diff --git a/playbooks/develop/centos.yml b/playbooks/develop/centos.yml deleted file mode 100755 index 8cc9c2d9..00000000 --- a/playbooks/develop/centos.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- include: setup_essentials.yml - -- name: "Setup prerequisites, mariadb, wkhtmltopdf, nodejs and psutil" - hosts: localhost - become: yes - become_user: root - vars: - mysql_conf_tpl: ../files/mariadb_config.cnf - mysql_secure_installation: True - roles: - - mariadb - - wkhtmltopdf - - nodejs - - psutil - -- name: setup bench and dev environment - hosts: localhost - vars: - bench_repo_path: "/home/{{ ansible_user_id }}/.bench" - bench_path: "/home/{{ ansible_user_id }}/{{ bench_name }}" - tasks: - # setup frappe-bench - - include: includes/setup_bench.yml - when: not run_travis and not without_bench_setup - - # setup development environment - - include: includes/setup_dev_env.yml - when: not run_travis and not production diff --git a/playbooks/develop/install.yml b/playbooks/develop/install.yml index eb44b08c..98b8a054 100644 --- a/playbooks/develop/install.yml +++ b/playbooks/develop/install.yml 
@@ -34,12 +34,3 @@ # setup development environment - include: includes/setup_dev_env.yml when: not run_travis and not production - -# - include: ubuntu.yml -# when: ansible_distribution == 'Ubuntu' -# -# - include: centos.yml -# when: ansible_distribution == 'CentOS' -# -# - include: debian.yml -# when: ansible_distribution == 'Debian' \ No newline at end of file diff --git a/playbooks/develop/ubuntu.yml b/playbooks/develop/ubuntu.yml deleted file mode 100644 index c6799c0f..00000000 --- a/playbooks/develop/ubuntu.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -- include: setup_essentials.yml - -- name: "Setup prerequisites, mariadb, wkhtmltopdf, nodejs and psutil" - hosts: localhost - become: yes - become_user: root - vars: - bench_repo_path: "/home/{{ ansible_user_id }}/.bench" - bench_path: "/home/{{ ansible_user_id }}/frappe-bench" - mysql_conf_tpl: ../files/mariadb_config.cnf - mysql_secure_installation: True - roles: - - prerequisites - - mariadb - - wkhtmltopdf - - nodejs - - psutil - -- name: setup bench and dev environment - hosts: localhost - vars: - bench_repo_path: "/home/{{ ansible_user_id }}/.bench" - bench_path: "/home/{{ ansible_user_id }}/frappe-bench" - tasks: - - debug: - var: run_travis - - # setup frappe-bench - - include: includes/setup_bench.yml - when: not without_bench_setup and not run_travis - - # setup development environment - - include: includes/setup_dev_env.yml - when: not production and not run_travis and not without_bench_setup From a2e779ccb397ee9fd963d15f3a60497fc21c6f37 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Tue, 29 Aug 2017 21:14:39 +0530 Subject: [PATCH 10/20] add tags to roles --- playbooks/develop/install.yml | 8 ++++---- playbooks/production/install.yml | 18 +++++++++--------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/playbooks/develop/install.yml b/playbooks/develop/install.yml index 98b8a054..0a91fd1b 100644 --- a/playbooks/develop/install.yml +++ b/playbooks/develop/install.yml 
@@ -16,10 +16,10 @@ mysql_conf_tpl: ../files/mariadb_config.cnf mysql_secure_installation: True roles: - - mariadb - - wkhtmltopdf - - nodejs - - psutil + - { role: mariadb, tags: "mariadb" } + - { role: wkhtmltopdf, tags: "wkhtmltopdf" } + - { role: nodejs, tags: "nodejs" } + - { role: psutil, tags: "psutil" } - name: setup bench and dev environment hosts: localhost diff --git a/playbooks/production/install.yml b/playbooks/production/install.yml index 0f58a058..db5f2a9c 100644 --- a/playbooks/production/install.yml +++ b/playbooks/production/install.yml @@ -10,15 +10,15 @@ vars: - nginx_conf_file: files/nginx.conf roles: - - locale - - swap - - logwatch - - bash_screen_wall - - frappe_selinux - - dns_caching - - ntpd - - nginx - - fail2ban + - { role: locale, tags: "locale" } + - { role: swap, tags: "swap" } + - { role: logwatch, tags: "logwatch" } + - { role: bash_screen_wall, tags: "bash_screen_wall" } + - { role: frappe_selinux, tags: "frappe_selinux" } + - { role: dns_caching, tags: "dns_caching" } + - { role: ntpd, tags: "ntpd" } + - { role: nginx, tags: "nginx" } + - { role: fail2ban, tags: "fail2ban" } tasks: - name: Set hostname hostname: name='{{ hostname }}' From f5730b0828663da95b74f1f50d9dbcc414bf6328 Mon Sep 17 00:00:00 2001 
From: Saurabh Date: Wed, 30 Aug 2017 12:22:41 +0530 Subject: [PATCH 11/20] [fix] seperate out roles from dev and prod installation --- playbooks/develop/install.yml | 17 ++------- playbooks/develop/macosx.yml | 5 ++- .../files/mariadb_config.cnf | 0 .../files/nginx.conf | 0 .../prerequisites/install_prerequisites.yml | 4 ++- playbooks/prerequisites/install_roles.yml | 35 +++++++++++++++++++ .../bash_screen_wall/files/screen_wall.sh | 0 .../roles/bash_screen_wall/tasks/main.yml | 0 .../roles/dns_caching/handlers/main.yml | 0 .../roles/dns_caching/tasks/main.yml | 0 .../roles/fail2ban/defaults/main.yml | 0 .../roles/fail2ban/handlers/main.yml | 0 .../roles/fail2ban/tasks/main.yml | 0 .../templates/nginx-proxy-filter.conf.j2 | 0 .../templates/nginx-proxy-jail.conf.j2 | 0 .../frappe_selinux/files/frappe_selinux.te | 0 .../roles/frappe_selinux/tasks/main.yml | 0 .../roles/locale/defaults/main.yml | 0 .../roles/locale/tasks/main.yml | 0 .../roles/logwatch/defaults/main.yml | 0 .../roles/logwatch/tasks/main.yml | 0 .../roles/logwatch/templates/logwatch.conf.j2 | 0 .../roles/mariadb/README.md | 0 .../roles/mariadb/defaults/main.yml | 0 .../roles/mariadb/handlers/main.yml | 0 .../roles/mariadb/meta/main.yml | 0 .../roles/mariadb/tasks/centos.yml | 0 .../roles/mariadb/tasks/debian.yml | 0 .../roles/mariadb/tasks/main.yml | 0 .../tasks/mysql_secure_installation.yml | 0 .../roles/mariadb/tasks/ubuntu.yml | 0 .../mariadb/templates/mariadb_centos.repo.j2 | 0 .../mariadb/templates/mariadb_ubuntu.list.j2 | 0 .../roles/mariadb/templates/my.cnf.j2 | 0 .../roles/mariadb/vars/main.yml | 0 .../roles/nginx/.travis.yml | 0 .../roles/nginx/README.md | 0 .../roles/nginx/defaults/main.yml | 0 .../roles/nginx/handlers/main.yml | 0 .../roles/nginx/meta/main.yml | 0 .../roles/nginx/tasks/main.yml | 0 .../roles/nginx/tasks/setup-Debian.yml | 0 .../roles/nginx/tasks/setup-RedHat.yml | 0 .../roles/nginx/tasks/vhosts.yml | 0 .../roles/nginx/templates/nginx.conf.j2 | 0 
.../roles/nginx/templates/nginx.repo.j2 | 0 .../roles/nginx/templates/vhosts.j2 | 0 .../roles/nginx/tests/inventory | 0 .../roles/nginx/tests/test.yml | 0 .../roles/nginx/vars/Debian.yml | 0 .../roles/nginx/vars/RedHat.yml | 0 .../roles/nodejs/tasks/main.yml | 0 .../roles/ntpd/tasks/main.yml | 0 .../roles/psutil/tasks/main.yml | 0 .../roles/swap/defaults/main.yml | 0 .../roles/swap/tasks/main.yml | 0 .../roles/wkhtmltopdf/tasks/main.yml | 0 .../setup_essentials.yml | 0 playbooks/production/install.yml | 30 ---------------- 59 files changed, 42 insertions(+), 49 deletions(-) rename playbooks/{develop => prerequisites}/files/mariadb_config.cnf (100%) rename playbooks/{production => prerequisites}/files/nginx.conf (100%) create mode 100644 playbooks/prerequisites/install_roles.yml rename playbooks/{production => prerequisites}/roles/bash_screen_wall/files/screen_wall.sh (100%) rename playbooks/{production => prerequisites}/roles/bash_screen_wall/tasks/main.yml (100%) rename playbooks/{production => prerequisites}/roles/dns_caching/handlers/main.yml (100%) rename playbooks/{production => prerequisites}/roles/dns_caching/tasks/main.yml (100%) rename playbooks/{production => prerequisites}/roles/fail2ban/defaults/main.yml (100%) rename playbooks/{production => prerequisites}/roles/fail2ban/handlers/main.yml (100%) rename playbooks/{production => prerequisites}/roles/fail2ban/tasks/main.yml (100%) rename playbooks/{production => prerequisites}/roles/fail2ban/templates/nginx-proxy-filter.conf.j2 (100%) rename playbooks/{production => prerequisites}/roles/fail2ban/templates/nginx-proxy-jail.conf.j2 (100%) rename playbooks/{production => prerequisites}/roles/frappe_selinux/files/frappe_selinux.te (100%) rename playbooks/{production => prerequisites}/roles/frappe_selinux/tasks/main.yml (100%) rename playbooks/{production => prerequisites}/roles/locale/defaults/main.yml (100%) rename playbooks/{production => prerequisites}/roles/locale/tasks/main.yml (100%) rename 
playbooks/{production => prerequisites}/roles/logwatch/defaults/main.yml (100%) rename playbooks/{production => prerequisites}/roles/logwatch/tasks/main.yml (100%) rename playbooks/{production => prerequisites}/roles/logwatch/templates/logwatch.conf.j2 (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/README.md (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/defaults/main.yml (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/handlers/main.yml (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/meta/main.yml (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/tasks/centos.yml (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/tasks/debian.yml (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/tasks/main.yml (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/tasks/mysql_secure_installation.yml (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/tasks/ubuntu.yml (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/templates/mariadb_centos.repo.j2 (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/templates/mariadb_ubuntu.list.j2 (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/templates/my.cnf.j2 (100%) rename playbooks/{develop => prerequisites}/roles/mariadb/vars/main.yml (100%) rename playbooks/{production => prerequisites}/roles/nginx/.travis.yml (100%) rename playbooks/{production => prerequisites}/roles/nginx/README.md (100%) rename playbooks/{production => prerequisites}/roles/nginx/defaults/main.yml (100%) rename playbooks/{production => prerequisites}/roles/nginx/handlers/main.yml (100%) rename playbooks/{production => prerequisites}/roles/nginx/meta/main.yml (100%) rename playbooks/{production => prerequisites}/roles/nginx/tasks/main.yml (100%) rename playbooks/{production => prerequisites}/roles/nginx/tasks/setup-Debian.yml (100%) rename playbooks/{production => 
prerequisites}/roles/nginx/tasks/setup-RedHat.yml (100%) rename playbooks/{production => prerequisites}/roles/nginx/tasks/vhosts.yml (100%) rename playbooks/{production => prerequisites}/roles/nginx/templates/nginx.conf.j2 (100%) rename playbooks/{production => prerequisites}/roles/nginx/templates/nginx.repo.j2 (100%) rename playbooks/{production => prerequisites}/roles/nginx/templates/vhosts.j2 (100%) rename playbooks/{production => prerequisites}/roles/nginx/tests/inventory (100%) rename playbooks/{production => prerequisites}/roles/nginx/tests/test.yml (100%) rename playbooks/{production => prerequisites}/roles/nginx/vars/Debian.yml (100%) rename playbooks/{production => prerequisites}/roles/nginx/vars/RedHat.yml (100%) rename playbooks/{develop => prerequisites}/roles/nodejs/tasks/main.yml (100%) rename playbooks/{production => prerequisites}/roles/ntpd/tasks/main.yml (100%) rename playbooks/{develop => prerequisites}/roles/psutil/tasks/main.yml (100%) rename playbooks/{production => prerequisites}/roles/swap/defaults/main.yml (100%) rename playbooks/{production => prerequisites}/roles/swap/tasks/main.yml (100%) rename playbooks/{develop => prerequisites}/roles/wkhtmltopdf/tasks/main.yml (100%) rename playbooks/{develop => prerequisites}/setup_essentials.yml (100%) diff --git a/playbooks/develop/install.yml b/playbooks/develop/install.yml index 0a91fd1b..c24a361a 100644 --- a/playbooks/develop/install.yml +++ b/playbooks/develop/install.yml 
@@ -1,26 +1,13 @@ --- - hosts: localhost -- include: setup_essentials.yml - - include: ../prerequisites/install_prerequisites.yml +- include: ../prerequisites/install_roles.yml + - include: macosx.yml when: ansible_distribution == 'MacOSX' -- name: "Setup mariadb, wkhtmltopdf, nodejs and psutil" - hosts: localhost - become: yes - become_user: root - vars: - mysql_conf_tpl: ../files/mariadb_config.cnf - mysql_secure_installation: True - roles: - - { role: mariadb, tags: "mariadb" } - - { role: wkhtmltopdf, tags: "wkhtmltopdf" } - - { role: nodejs, tags: "nodejs" } - - { role: psutil, tags: "psutil" } - - name: setup bench and dev environment hosts: localhost vars: diff --git a/playbooks/develop/macosx.yml b/playbooks/develop/macosx.yml index 1a1e4850..704096dd 100644 --- a/playbooks/develop/macosx.yml +++ b/playbooks/develop/macosx.yml @@ -22,10 +22,9 @@ - wkhtmltopdf - name: configure mariadb - include_role: - name: mariadb + include: ../prerequisites/roles/mariadb/main.yml vars: - mysql_conf_tpl: ../files/mariadb_config.cnf + mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf - name: Install MySQLdb in global env pip: name=mysql-python version=1.2.5 diff --git a/playbooks/develop/files/mariadb_config.cnf b/playbooks/prerequisites/files/mariadb_config.cnf similarity index 100% rename from playbooks/develop/files/mariadb_config.cnf rename to playbooks/prerequisites/files/mariadb_config.cnf diff --git a/playbooks/production/files/nginx.conf b/playbooks/prerequisites/files/nginx.conf similarity index 100% rename from playbooks/production/files/nginx.conf rename to playbooks/prerequisites/files/nginx.conf diff --git a/playbooks/prerequisites/install_prerequisites.yml b/playbooks/prerequisites/install_prerequisites.yml index 0fcd2654..a2a84c2e 100644 --- a/playbooks/prerequisites/install_prerequisites.yml +++ b/playbooks/prerequisites/install_prerequisites.yml 
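Review bot: `setup_essentials.yml` is no longer run from the develop install: this hunk removes `- include: setup_essentials.yml`, and the only replacement in the patch is the commented-out `#- include: setup_essentials.yml` added to install_prerequisites.yml. What that playbook sets up is not visible here, so either restore the include where the file now lives, or delete the file together with the comment so the intent is clear. The leading `- hosts: localhost` entry with no tasks or roles is kept as context and looks redundant as well.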
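Review bot: In macosx.yml, `include: ../prerequisites/roles/mariadb/main.yml` points at a path this patch does not create: the rename list moves the role's task file to `playbooks/prerequisites/roles/mariadb/tasks/main.yml`. Beyond the path, swapping `include_role` for a bare task include means the role's `defaults/`, `vars/` and `handlers/` are no longer loaded, so tasks that reference them would hit undefined variables or unnotified handlers. Keeping `include_role: name=mariadb` and making the relocated roles directory discoverable (for example through `roles_path`) would avoid both problems. The hunk starts at line 22, so the enclosing play header is not visible.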
@@ -1,4 +1,6 @@ --- +#- include: setup_essentials.yml + - name: "Setup prerequisites" hosts: localhost become: yes @@ -95,4 +97,4 @@ - redis - mariadb - nodejs - when: ansible_distribution == 'MacOSX' \ No newline at end of file + when: ansible_distribution == 'MacOSX' diff --git a/playbooks/prerequisites/install_roles.yml b/playbooks/prerequisites/install_roles.yml new file mode 100644 index 00000000..b1d8fa6b --- /dev/null +++ b/playbooks/prerequisites/install_roles.yml @@ -0,0 +1,35 @@ +--- +- name: Apply basic roles, mariadb, wkhtmltopdf, nodejs, nginx, fail2ban and psutil + hosts: localhost + become: yes + become_user: root + vars: + - mysql_conf_tpl: files/mariadb_config.cnf + - nginx_conf_file: files/nginx.conf + - mysql_secure_installation: True + roles: + - { role: locale, tags: "locale" } + - { role: swap, tags: "swap", when: production } + - { role: logwatch, tags: "logwatch", when: production } + - { role: bash_screen_wall, tags: "bash_screen_wall", when: production } + - { role: frappe_selinux, tags: "frappe_selinux", when: production } + - { role: dns_caching, tags: "dns_caching", when: production } + - { role: ntpd, tags: "ntpd", when: production } + - { role: mariadb, tags: "mariadb" } + - { role: wkhtmltopdf, tags: "wkhtmltopdf" } + - { role: nodejs, tags: "nodejs" } + - { role: psutil, tags: "psutil" } + - { role: nginx, tags: "nginx", when: production } + - { role: fail2ban, tags: "fail2ban" , when: production } + tasks: + - name: Set hostname + hostname: name='{{ hostname }}' + when: hostname is defined and production + + - name: Start NTPD + service: name=ntpd state=started + when: ansible_distribution == 'CentOS' and production + + - name: Start NTPD + service: name=ntp state=started + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production \ No newline at end of file 
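Review bot: The last `when:` of the new install_roles.yml, `ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production`, is evaluated as `Debian or (Ubuntu and production)` because `and` binds tighter than `or`, so the second "Start NTPD" task runs on Debian even when `production` is false and the `ntpd` role was skipped. Parenthesise it: `when: (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and production`. Every production-only role and task in this play needs `production` to be defined by the caller; a short comment at the top of the file naming the expected variables (`production`, optional `hostname`) would document that.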
diff --git a/playbooks/production/roles/bash_screen_wall/files/screen_wall.sh b/playbooks/prerequisites/roles/bash_screen_wall/files/screen_wall.sh
similarity index 100%
rename from playbooks/production/roles/bash_screen_wall/files/screen_wall.sh
rename to playbooks/prerequisites/roles/bash_screen_wall/files/screen_wall.sh
diff --git a/playbooks/production/roles/bash_screen_wall/tasks/main.yml b/playbooks/prerequisites/roles/bash_screen_wall/tasks/main.yml
similarity index 100%
rename from playbooks/production/roles/bash_screen_wall/tasks/main.yml
rename to playbooks/prerequisites/roles/bash_screen_wall/tasks/main.yml
diff --git a/playbooks/production/roles/dns_caching/handlers/main.yml b/playbooks/prerequisites/roles/dns_caching/handlers/main.yml
similarity index 100%
rename from playbooks/production/roles/dns_caching/handlers/main.yml
rename to playbooks/prerequisites/roles/dns_caching/handlers/main.yml
diff --git a/playbooks/production/roles/dns_caching/tasks/main.yml b/playbooks/prerequisites/roles/dns_caching/tasks/main.yml
similarity index 100%
rename from playbooks/production/roles/dns_caching/tasks/main.yml
rename to playbooks/prerequisites/roles/dns_caching/tasks/main.yml
diff --git a/playbooks/production/roles/fail2ban/defaults/main.yml b/playbooks/prerequisites/roles/fail2ban/defaults/main.yml
similarity index 100%
rename from playbooks/production/roles/fail2ban/defaults/main.yml
rename to playbooks/prerequisites/roles/fail2ban/defaults/main.yml
diff --git a/playbooks/production/roles/fail2ban/handlers/main.yml b/playbooks/prerequisites/roles/fail2ban/handlers/main.yml
similarity index 100%
rename from playbooks/production/roles/fail2ban/handlers/main.yml
rename to playbooks/prerequisites/roles/fail2ban/handlers/main.yml
diff --git a/playbooks/production/roles/fail2ban/tasks/main.yml b/playbooks/prerequisites/roles/fail2ban/tasks/main.yml
similarity index 100%
rename from playbooks/production/roles/fail2ban/tasks/main.yml
rename to playbooks/prerequisites/roles/fail2ban/tasks/main.yml
diff --git a/playbooks/production/roles/fail2ban/templates/nginx-proxy-filter.conf.j2 b/playbooks/prerequisites/roles/fail2ban/templates/nginx-proxy-filter.conf.j2
similarity index 100%
rename from playbooks/production/roles/fail2ban/templates/nginx-proxy-filter.conf.j2
rename to playbooks/prerequisites/roles/fail2ban/templates/nginx-proxy-filter.conf.j2
diff --git a/playbooks/production/roles/fail2ban/templates/nginx-proxy-jail.conf.j2 b/playbooks/prerequisites/roles/fail2ban/templates/nginx-proxy-jail.conf.j2
similarity index 100%
rename from playbooks/production/roles/fail2ban/templates/nginx-proxy-jail.conf.j2
rename to playbooks/prerequisites/roles/fail2ban/templates/nginx-proxy-jail.conf.j2
diff --git a/playbooks/production/roles/frappe_selinux/files/frappe_selinux.te b/playbooks/prerequisites/roles/frappe_selinux/files/frappe_selinux.te
similarity index 100%
rename from playbooks/production/roles/frappe_selinux/files/frappe_selinux.te
rename to playbooks/prerequisites/roles/frappe_selinux/files/frappe_selinux.te
diff --git a/playbooks/production/roles/frappe_selinux/tasks/main.yml b/playbooks/prerequisites/roles/frappe_selinux/tasks/main.yml
similarity index 100%
rename from playbooks/production/roles/frappe_selinux/tasks/main.yml
rename to playbooks/prerequisites/roles/frappe_selinux/tasks/main.yml
diff --git a/playbooks/production/roles/locale/defaults/main.yml b/playbooks/prerequisites/roles/locale/defaults/main.yml
similarity index 100%
rename from playbooks/production/roles/locale/defaults/main.yml
rename to playbooks/prerequisites/roles/locale/defaults/main.yml
diff --git a/playbooks/production/roles/locale/tasks/main.yml b/playbooks/prerequisites/roles/locale/tasks/main.yml
similarity index 100%
rename from playbooks/production/roles/locale/tasks/main.yml
rename to playbooks/prerequisites/roles/locale/tasks/main.yml
diff --git a/playbooks/production/roles/logwatch/defaults/main.yml b/playbooks/prerequisites/roles/logwatch/defaults/main.yml
similarity index 100%
rename from playbooks/production/roles/logwatch/defaults/main.yml
rename to playbooks/prerequisites/roles/logwatch/defaults/main.yml
diff --git a/playbooks/production/roles/logwatch/tasks/main.yml b/playbooks/prerequisites/roles/logwatch/tasks/main.yml
similarity index 100%
rename from playbooks/production/roles/logwatch/tasks/main.yml
rename to playbooks/prerequisites/roles/logwatch/tasks/main.yml
diff --git a/playbooks/production/roles/logwatch/templates/logwatch.conf.j2 b/playbooks/prerequisites/roles/logwatch/templates/logwatch.conf.j2
similarity index 100%
rename from playbooks/production/roles/logwatch/templates/logwatch.conf.j2
rename to playbooks/prerequisites/roles/logwatch/templates/logwatch.conf.j2
diff --git a/playbooks/develop/roles/mariadb/README.md b/playbooks/prerequisites/roles/mariadb/README.md
similarity index 100%
rename from playbooks/develop/roles/mariadb/README.md
rename to playbooks/prerequisites/roles/mariadb/README.md
diff --git a/playbooks/develop/roles/mariadb/defaults/main.yml b/playbooks/prerequisites/roles/mariadb/defaults/main.yml
similarity index 100%
rename from playbooks/develop/roles/mariadb/defaults/main.yml
rename to playbooks/prerequisites/roles/mariadb/defaults/main.yml
diff --git a/playbooks/develop/roles/mariadb/handlers/main.yml b/playbooks/prerequisites/roles/mariadb/handlers/main.yml
similarity index 100%
rename from playbooks/develop/roles/mariadb/handlers/main.yml
rename to playbooks/prerequisites/roles/mariadb/handlers/main.yml
diff --git a/playbooks/develop/roles/mariadb/meta/main.yml b/playbooks/prerequisites/roles/mariadb/meta/main.yml
similarity index 100%
rename from playbooks/develop/roles/mariadb/meta/main.yml
rename to playbooks/prerequisites/roles/mariadb/meta/main.yml
diff --git a/playbooks/develop/roles/mariadb/tasks/centos.yml b/playbooks/prerequisites/roles/mariadb/tasks/centos.yml
similarity index 100%
rename from playbooks/develop/roles/mariadb/tasks/centos.yml
rename to playbooks/prerequisites/roles/mariadb/tasks/centos.yml
diff --git a/playbooks/develop/roles/mariadb/tasks/debian.yml b/playbooks/prerequisites/roles/mariadb/tasks/debian.yml
similarity index 100%
rename from playbooks/develop/roles/mariadb/tasks/debian.yml
rename to playbooks/prerequisites/roles/mariadb/tasks/debian.yml
diff --git a/playbooks/develop/roles/mariadb/tasks/main.yml b/playbooks/prerequisites/roles/mariadb/tasks/main.yml
similarity index 100%
rename from playbooks/develop/roles/mariadb/tasks/main.yml
rename to playbooks/prerequisites/roles/mariadb/tasks/main.yml
diff --git a/playbooks/develop/roles/mariadb/tasks/mysql_secure_installation.yml b/playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml
similarity index 100%
rename from playbooks/develop/roles/mariadb/tasks/mysql_secure_installation.yml
rename to playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml
diff --git a/playbooks/develop/roles/mariadb/tasks/ubuntu.yml b/playbooks/prerequisites/roles/mariadb/tasks/ubuntu.yml
similarity index 100%
rename from playbooks/develop/roles/mariadb/tasks/ubuntu.yml
rename to playbooks/prerequisites/roles/mariadb/tasks/ubuntu.yml
diff --git a/playbooks/develop/roles/mariadb/templates/mariadb_centos.repo.j2 b/playbooks/prerequisites/roles/mariadb/templates/mariadb_centos.repo.j2
similarity index 100%
rename from playbooks/develop/roles/mariadb/templates/mariadb_centos.repo.j2
rename to playbooks/prerequisites/roles/mariadb/templates/mariadb_centos.repo.j2
diff --git a/playbooks/develop/roles/mariadb/templates/mariadb_ubuntu.list.j2 b/playbooks/prerequisites/roles/mariadb/templates/mariadb_ubuntu.list.j2
similarity index 100%
rename from playbooks/develop/roles/mariadb/templates/mariadb_ubuntu.list.j2
rename to playbooks/prerequisites/roles/mariadb/templates/mariadb_ubuntu.list.j2
diff --git a/playbooks/develop/roles/mariadb/templates/my.cnf.j2 b/playbooks/prerequisites/roles/mariadb/templates/my.cnf.j2
similarity index 100%
rename from playbooks/develop/roles/mariadb/templates/my.cnf.j2
rename to playbooks/prerequisites/roles/mariadb/templates/my.cnf.j2
diff --git a/playbooks/develop/roles/mariadb/vars/main.yml b/playbooks/prerequisites/roles/mariadb/vars/main.yml
similarity index 100%
rename from playbooks/develop/roles/mariadb/vars/main.yml
rename to playbooks/prerequisites/roles/mariadb/vars/main.yml
diff --git a/playbooks/production/roles/nginx/.travis.yml b/playbooks/prerequisites/roles/nginx/.travis.yml
similarity index 100%
rename from playbooks/production/roles/nginx/.travis.yml
rename to playbooks/prerequisites/roles/nginx/.travis.yml
diff --git a/playbooks/production/roles/nginx/README.md b/playbooks/prerequisites/roles/nginx/README.md
similarity index 100%
rename from playbooks/production/roles/nginx/README.md
rename to playbooks/prerequisites/roles/nginx/README.md
diff --git a/playbooks/production/roles/nginx/defaults/main.yml b/playbooks/prerequisites/roles/nginx/defaults/main.yml
similarity index 100%
rename from playbooks/production/roles/nginx/defaults/main.yml
rename to playbooks/prerequisites/roles/nginx/defaults/main.yml
diff --git a/playbooks/production/roles/nginx/handlers/main.yml b/playbooks/prerequisites/roles/nginx/handlers/main.yml
similarity index 100%
rename from playbooks/production/roles/nginx/handlers/main.yml
rename to playbooks/prerequisites/roles/nginx/handlers/main.yml
diff --git a/playbooks/production/roles/nginx/meta/main.yml b/playbooks/prerequisites/roles/nginx/meta/main.yml
similarity index 100%
rename from playbooks/production/roles/nginx/meta/main.yml
rename to playbooks/prerequisites/roles/nginx/meta/main.yml
diff --git a/playbooks/production/roles/nginx/tasks/main.yml b/playbooks/prerequisites/roles/nginx/tasks/main.yml
similarity index 100%
rename from playbooks/production/roles/nginx/tasks/main.yml
rename to playbooks/prerequisites/roles/nginx/tasks/main.yml
diff --git a/playbooks/production/roles/nginx/tasks/setup-Debian.yml b/playbooks/prerequisites/roles/nginx/tasks/setup-Debian.yml
similarity index 100%
rename from playbooks/production/roles/nginx/tasks/setup-Debian.yml
rename to playbooks/prerequisites/roles/nginx/tasks/setup-Debian.yml
diff --git a/playbooks/production/roles/nginx/tasks/setup-RedHat.yml b/playbooks/prerequisites/roles/nginx/tasks/setup-RedHat.yml
similarity index 100%
rename from playbooks/production/roles/nginx/tasks/setup-RedHat.yml
rename to playbooks/prerequisites/roles/nginx/tasks/setup-RedHat.yml
diff --git a/playbooks/production/roles/nginx/tasks/vhosts.yml b/playbooks/prerequisites/roles/nginx/tasks/vhosts.yml
similarity index 100%
rename from playbooks/production/roles/nginx/tasks/vhosts.yml
rename to playbooks/prerequisites/roles/nginx/tasks/vhosts.yml
diff --git a/playbooks/production/roles/nginx/templates/nginx.conf.j2 b/playbooks/prerequisites/roles/nginx/templates/nginx.conf.j2
similarity index 100%
rename from playbooks/production/roles/nginx/templates/nginx.conf.j2
rename to playbooks/prerequisites/roles/nginx/templates/nginx.conf.j2
diff --git a/playbooks/production/roles/nginx/templates/nginx.repo.j2 b/playbooks/prerequisites/roles/nginx/templates/nginx.repo.j2
similarity index 100%
rename from playbooks/production/roles/nginx/templates/nginx.repo.j2
rename to playbooks/prerequisites/roles/nginx/templates/nginx.repo.j2
diff --git a/playbooks/production/roles/nginx/templates/vhosts.j2 b/playbooks/prerequisites/roles/nginx/templates/vhosts.j2
similarity index 100%
rename from playbooks/production/roles/nginx/templates/vhosts.j2
rename to playbooks/prerequisites/roles/nginx/templates/vhosts.j2
diff --git a/playbooks/production/roles/nginx/tests/inventory b/playbooks/prerequisites/roles/nginx/tests/inventory
similarity index 100%
rename from playbooks/production/roles/nginx/tests/inventory
rename to playbooks/prerequisites/roles/nginx/tests/inventory
diff --git a/playbooks/production/roles/nginx/tests/test.yml b/playbooks/prerequisites/roles/nginx/tests/test.yml
similarity index 100%
rename from playbooks/production/roles/nginx/tests/test.yml
rename to playbooks/prerequisites/roles/nginx/tests/test.yml
diff --git a/playbooks/production/roles/nginx/vars/Debian.yml b/playbooks/prerequisites/roles/nginx/vars/Debian.yml
similarity index 100%
rename from playbooks/production/roles/nginx/vars/Debian.yml
rename to playbooks/prerequisites/roles/nginx/vars/Debian.yml
diff --git a/playbooks/production/roles/nginx/vars/RedHat.yml b/playbooks/prerequisites/roles/nginx/vars/RedHat.yml
similarity index 100%
rename from playbooks/production/roles/nginx/vars/RedHat.yml
rename to playbooks/prerequisites/roles/nginx/vars/RedHat.yml
diff --git a/playbooks/develop/roles/nodejs/tasks/main.yml b/playbooks/prerequisites/roles/nodejs/tasks/main.yml
similarity index 100%
rename from playbooks/develop/roles/nodejs/tasks/main.yml
rename to playbooks/prerequisites/roles/nodejs/tasks/main.yml
diff --git a/playbooks/production/roles/ntpd/tasks/main.yml b/playbooks/prerequisites/roles/ntpd/tasks/main.yml
similarity index 100%
rename from playbooks/production/roles/ntpd/tasks/main.yml
rename to playbooks/prerequisites/roles/ntpd/tasks/main.yml
diff --git a/playbooks/develop/roles/psutil/tasks/main.yml b/playbooks/prerequisites/roles/psutil/tasks/main.yml similarity index 100% rename from playbooks/develop/roles/psutil/tasks/main.yml rename to playbooks/prerequisites/roles/psutil/tasks/main.yml diff --git a/playbooks/production/roles/swap/defaults/main.yml b/playbooks/prerequisites/roles/swap/defaults/main.yml similarity index 100% rename from playbooks/production/roles/swap/defaults/main.yml rename to playbooks/prerequisites/roles/swap/defaults/main.yml diff --git a/playbooks/production/roles/swap/tasks/main.yml b/playbooks/prerequisites/roles/swap/tasks/main.yml similarity index 100% rename from playbooks/production/roles/swap/tasks/main.yml rename to playbooks/prerequisites/roles/swap/tasks/main.yml diff --git a/playbooks/develop/roles/wkhtmltopdf/tasks/main.yml b/playbooks/prerequisites/roles/wkhtmltopdf/tasks/main.yml similarity index 100% rename from playbooks/develop/roles/wkhtmltopdf/tasks/main.yml rename to playbooks/prerequisites/roles/wkhtmltopdf/tasks/main.yml diff --git a/playbooks/develop/setup_essentials.yml b/playbooks/prerequisites/setup_essentials.yml similarity index 100% rename from playbooks/develop/setup_essentials.yml rename to playbooks/prerequisites/setup_essentials.yml diff --git a/playbooks/production/install.yml b/playbooks/production/install.yml index db5f2a9c..17c5b6ca 100644 --- a/playbooks/production/install.yml +++ b/playbooks/production/install.yml 
@@ -2,36 +2,6 @@ # Install the common pre-requisites for the setting up bench - include: ../develop/install.yml - #install production pre-requisites - - name: Apply basic roles - hosts: localhost - become: yes - become_user: root - vars: - - nginx_conf_file: files/nginx.conf - roles: - - { role: locale, tags: "locale" } - - { role: swap, tags: "swap" } - - { role: logwatch, tags: "logwatch" } - - { role: bash_screen_wall, tags: "bash_screen_wall" } - - { role: frappe_selinux, tags: "frappe_selinux" } - - { role: dns_caching, tags: "dns_caching" } - - { role: ntpd, tags: "ntpd" } - - { role: nginx, tags: "nginx" } - - { role: fail2ban, tags: "fail2ban" } - tasks: - - name: Set hostname - hostname: name='{{ hostname }}' - when: hostname is defined - - - name: Start NTPD - service: name=ntpd state=started - when: ansible_distribution == 'CentOS' - - - name: Start NTPD - service: name=ntp state=started - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - - include: includes/setup_inputrc.yml # Setup Bench for production environment From c8d8c2b6a2a11bf356854bcb360ef62537c07919 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Wed, 30 Aug 2017 15:38:17 +0530 Subject: [PATCH 12/20] commands to setup pre-requisites and roles --- bench/cli.py | 6 +++--- bench/commands/setup.py | 25 +++++++++++++++++++++++++ bench/utils.py | 7 ++++++- playbooks/develop/debian.yml | 34 ---------------------------------- 4 files changed, 34 insertions(+), 38 deletions(-) delete mode 100755 playbooks/develop/debian.yml diff --git a/bench/cli.py b/bench/cli.py index 4d6bad36..0ca2fe10 100755 --- a/bench/cli.py +++ b/bench/cli.py 
@@ -47,10 +47,10 @@ def check_uid(): sys.exit(1) def cmd_requires_root(): - if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts', 'reload-nginx', 'firewall', 'ssh-port'): - return True + if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts', 'print', 'firewall', 'ssh-port', 'prerequisites', 'role'): + return True if len(sys.argv) >= 2 and sys.argv[1] in ('patch', 'renew-lets-encrypt', 'disable-production'): - return True + return True def change_dir(): if os.path.exists('config.json') or "init" in sys.argv: diff --git a/bench/commands/setup.py b/bench/commands/setup.py index 703e20fa..74327d35 100755 --- a/bench/commands/setup.py +++ b/bench/commands/setup.py @@ -180,6 +180,29 @@ def sync_domains(domain=None, site=None): # if changed, success, else failure sys.exit(0 if changed else 1) +@click.command('prerequisites') +def setup_prerequisites(): + "Install prerequisites" + from bench.utils import run_playbook + run_playbook('prerequisites/install_prerequisites.yml') + +@click.command('role') +@click.argument('role') +@click.option('--admin_emails', default='') +@click.option('--mysql_root_password') +def setup_roles(role, **kwargs): + "Install dependancies via roles" + from bench.utils import run_playbook + + extra_vars = {"production": True} + extra_vars.update(kwargs) + + if role: + run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag=role) + else: + run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars) + + setup.add_command(setup_sudoers) setup.add_command(setup_nginx) setup.add_command(reload_nginx) @@ -200,3 +223,5 @@ setup.add_command(remove_domain) setup.add_command(sync_domains) setup.add_command(setup_firewall) setup.add_command(set_ssh_port) +setup.add_command(setup_prerequisites) +setup.add_command(setup_roles) \ No newline at end of file diff --git a/bench/utils.py b/bench/utils.py index 896fc0c0..caa55445 100755 --- a/bench/utils.py 
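Review bot: In `cmd_requires_root`, the new tuple drops `'reload-nginx'` and adds `'print'`, so `bench setup reload-nginx` no longer passes the root check although `reload_nginx` is still registered in setup.py; if the removal is not intended, keep the entry: `('production', 'sudoers', 'lets-encrypt', 'fonts', 'print', 'reload-nginx', 'firewall', 'ssh-port', 'prerequisites', 'role')`. The test looks only at `sys.argv[2]`, whatever `sys.argv[1]` is, so any subcommand whose first argument happens to be `role` or `print` is treated as needing root; checking `sys.argv[1] == 'setup'` first would make the list mean what it says. The function returns `None` rather than `False` on the other path, which a one-line docstring should state.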
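Review bot: `setup_roles` copies every click option into `extra_vars`, including the ones the user did not pass, so `mysql_root_password` reaches Ansible as `null` instead of being absent; a `null` variable still counts as defined, which presumably lets `mysql_root_password is defined` checks in the mariadb role pass with an empty password. Filter the unset options: `extra_vars.update({k: v for k, v in kwargs.items() if v is not None})`. `role` is a required argument, so the `else:` branch that would run every role is unreachable; declare `@click.argument('role', required=False)` if running all roles is meant to be possible. Taking the database root password as a plain `--mysql_root_password` value also leaves it in shell history; `prompt=True, hide_input=True` on that option avoids this.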
+++ b/bench/utils.py @@ -761,11 +761,16 @@ def set_git_remote_url(git_url, bench_path='.'): if os.path.exists(os.path.join(app_dir, '.git')): exec_cmd("git remote set-url upstream {}".format(git_url), cwd=app_dir) -def run_playbook(playbook_name, extra_vars=None): +def run_playbook(playbook_name, extra_vars=None, tag=None): if not find_executable('ansible'): print("Ansible is needed to run this command, please install it using 'pip install ansible'") sys.exit(1) args = ['ansible-playbook', '-c', 'local', playbook_name] + if extra_vars: args.extend(['-e', json.dumps(extra_vars)]) + + if tag: + args.extend(['-t', tag]) + subprocess.check_call(args, cwd=os.path.join(os.path.dirname(bench.__path__[0]), 'playbooks')) diff --git a/playbooks/develop/debian.yml b/playbooks/develop/debian.yml deleted file mode 100755 index 4b80213a..00000000 --- a/playbooks/develop/debian.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- include: setup_essentials.yml - -- name: "Setup prerequisites, mariadb, wkhtmltopdf, nodejs and psutil" - hosts: localhost - become: yes - become_user: root - vars: - mysql_conf_tpl: ../files/mariadb_config.cnf - mysql_secure_installation: True - roles: - - prerequisites - - mariadb - - wkhtmltopdf - - nodejs - - psutil - -- name: setup bench and dev environment - hosts: localhost - vars: - bench_repo_path: "/home/{{ ansible_user_id }}/.bench" - bench_path: "/home/{{ ansible_user_id }}/frappe-bench" - tasks: - - debug: - var: run_travis - - # setup frappe-bench - - include: includes/setup_bench.yml - when: not run_travis - - # setup development environment - - include: includes/setup_dev_env.yml - when: not production and not run_travis - From e2c24d8c0e92e1c810842df946ab1fe26de9980f Mon Sep 17 00:00:00 2001 
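Review bot: `run_playbook` places the whole `extra_vars` dict on the `ansible-playbook` command line, and with the `role` command added in this patch that dict can hold `mysql_root_password`, so the password is readable in the process list by any local user for as long as the play runs. Writing the variables to a private temporary file and passing `-e @file` keeps them out of argv; `tempfile` would have to be imported at the top of utils.py. As far as I know a tag that matches no task makes `-t` select nothing and still exit 0, so a mistyped role name looks like success; the docstring of `run_playbook` should say that `tag` is passed through unchecked.

```python
def run_playbook(playbook_name, extra_vars=None, tag=None):
    # … unchanged: ansible availability check, initial args list …
    vars_path = None
    if extra_vars:
        # mkstemp creates the file readable by the owner only
        fd, vars_path = tempfile.mkstemp(suffix='.json')
        with os.fdopen(fd, 'w') as f:
            json.dump(extra_vars, f)
        args.extend(['-e', '@' + vars_path])

    # … unchanged: tag handling …

    try:
        subprocess.check_call(args, cwd=os.path.join(os.path.dirname(bench.__path__[0]), 'playbooks'))
    finally:
        if vars_path:
            os.remove(vars_path)
```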
From: Saurabh Date: Tue, 5 Sep 2017 10:56:48 +0530 Subject: [PATCH 13/20] [fix] package fixes for debian 8 --- playbooks/prerequisites/debian.yml | 2 ++ playbooks/prerequisites/install_prerequisites.yml | 5 ++--- playbooks/prerequisites/roles/locale/tasks/main.yml | 5 +++-- playbooks/prerequisites/ubuntu.yml | 2 ++ 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/playbooks/prerequisites/debian.yml b/playbooks/prerequisites/debian.yml index ffee520e..6c0fb8f9 100644 --- a/playbooks/prerequisites/debian.yml +++ b/playbooks/prerequisites/debian.yml @@ -2,6 +2,7 @@ - name: install pillow prerequisites for Debian < 8 apt: pkg={{ item }} state=present with_items: + - libjpeg8-dev - libtiff4-dev - tcl8.5-dev - tk8.5-dev @@ -10,6 +11,7 @@ - name: install pillow prerequisites for Debian >= 8 apt: pkg={{ item }} state=present with_items: + - libjpeg62-turbo-dev - libtiff5-dev - tcl8.5-dev - tk8.5-dev diff --git a/playbooks/prerequisites/install_prerequisites.yml b/playbooks/prerequisites/install_prerequisites.yml index a2a84c2e..6fb0a066 100644 --- a/playbooks/prerequisites/install_prerequisites.yml +++ b/playbooks/prerequisites/install_prerequisites.yml @@ -80,14 +80,13 @@ - apt-transport-https - libsasl2-dev - libldap2-dev - - libjpeg8-dev - when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu' + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - include: ubuntu.yml when: ansible_distribution == 'Ubuntu' - include: debian.yml - when: ansible_os_family == 'Debian' + when: ansible_distribution == 'Debian' # Prerequisite for MACOS - name: install prequisites for macos diff --git a/playbooks/prerequisites/roles/locale/tasks/main.yml b/playbooks/prerequisites/roles/locale/tasks/main.yml index 4e402ca2..3168f70b 100644 --- a/playbooks/prerequisites/roles/locale/tasks/main.yml +++ b/playbooks/prerequisites/roles/locale/tasks/main.yml 
@@ -2,14 +2,15 @@ - name: Check current locale shell: localectl register: locale_test + when: ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu' - name: Set Locale command: "localectl set-locale LANG={{ locale_lang }}" - when: locale_test.stdout.find('LANG={{ locale_lang }}') == -1 + when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG={{ locale_lang }}') == -1 - name: Set keymap command: "localectl set-keymap {{ locale_keymap }}" - when: "locale_test.stdout.find('Keymap: {{locale_keymap}}') == -1" + when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap: {{locale_keymap}}') == -1" - name: Set Locale as en_US lineinfile: dest=/etc/environment backup=yes line="{{ item }}" diff --git a/playbooks/prerequisites/ubuntu.yml b/playbooks/prerequisites/ubuntu.yml index 0b7b1bd3..3e0918cd 100644 --- a/playbooks/prerequisites/ubuntu.yml +++ b/playbooks/prerequisites/ubuntu.yml @@ -2,6 +2,7 @@ - name: install pillow prerequisites for Ubuntu < 14.04 apt: pkg={{ item }} state=present force=yes with_items: + - libjpeg8-dev - libtiff4-dev - tcl8.5-dev - tk8.5-dev @@ -10,6 +11,7 @@ - name: install pillow prerequisites for Ubuntu >= 14.04 apt: pkg={{ item }} state=present force=yes with_items: + - libjpeg8-dev - libtiff5-dev - tcl8.6-dev - tk8.6-dev From b9f096bd3e873a1614d8bfe622afed3cf519371a Mon Sep 17 00:00:00 2001 
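Review bot: The three conditions added in roles/locale/tasks/main.yml compare `ansible_distribution` with `'Centos'`, while install_roles.yml in this series tests `ansible_distribution == 'CentOS'`; with the lower-case spelling the comparison never matches on CentOS, so "Check current locale", "Set Locale" and "Set keymap" are all skipped there. Use `ansible_distribution == 'CentOS' or ansible_distribution == 'Ubuntu'` in the three tasks. A comment above the first task saying why Debian is excluded from the `localectl` calls would help the next reader. The task file continues past the hunk.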
From: Saurabh Date: Tue, 5 Sep 2017 19:35:28 +0530 Subject: [PATCH 14/20] Support for mariadb debian 9 and above --- playbooks/develop/install.yml | 2 ++ playbooks/develop/macosx.yml | 2 +- playbooks/prerequisites/debian.yml | 3 +++ .../files/debian_mariadb_config.cnf} | 0 .../prerequisites/roles/mariadb/tasks/debian.yml | 5 ++++- playbooks/prerequisites/roles/mariadb/tasks/main.yml | 11 +++++++++-- 6 files changed, 19 insertions(+), 4 deletions(-) rename playbooks/{develop/templates/simple_mariadb_config.cnf => prerequisites/files/debian_mariadb_config.cnf} (100%) diff --git a/playbooks/develop/install.yml b/playbooks/develop/install.yml index c24a361a..835decec 100644 --- a/playbooks/develop/install.yml +++ b/playbooks/develop/install.yml @@ -2,8 +2,10 @@ - hosts: localhost - include: ../prerequisites/install_prerequisites.yml + when: ansible_distribution != 'MacOSX' - include: ../prerequisites/install_roles.yml + when: ansible_distribution != 'MacOSX' - include: macosx.yml when: ansible_distribution == 'MacOSX' diff --git a/playbooks/develop/macosx.yml b/playbooks/develop/macosx.yml index 704096dd..b9175b7e 100644 --- a/playbooks/develop/macosx.yml +++ b/playbooks/develop/macosx.yml @@ -22,7 +22,7 @@ - wkhtmltopdf - name: configure mariadb - include: ../prerequisites/roles/mariadb/main.yml + include: ../prerequisites/roles/mariadb/task/main.yml vars: mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf diff --git a/playbooks/prerequisites/debian.yml b/playbooks/prerequisites/debian.yml index 6c0fb8f9..b7e3259b 100644 --- a/playbooks/prerequisites/debian.yml +++ b/playbooks/prerequisites/debian.yml @@ -1,4 +1,7 @@ --- +- name: Setup OpenSSL dependancy + pip: name=pyOpenSSL version=16.2.0 + - name: install pillow prerequisites for Debian < 8 apt: pkg={{ item }} state=present with_items: 
diff --git a/playbooks/develop/templates/simple_mariadb_config.cnf b/playbooks/prerequisites/files/debian_mariadb_config.cnf similarity index 100% rename from playbooks/develop/templates/simple_mariadb_config.cnf rename to playbooks/prerequisites/files/debian_mariadb_config.cnf diff --git a/playbooks/prerequisites/roles/mariadb/tasks/debian.yml b/playbooks/prerequisites/roles/mariadb/tasks/debian.yml index ed188c3b..526e3fa4 100644 --- a/playbooks/prerequisites/roles/mariadb/tasks/debian.yml +++ b/playbooks/prerequisites/roles/mariadb/tasks/debian.yml @@ -1,9 +1,12 @@ --- - - name: Add apt key for mariadb for Debian <= 8 apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xcbcb082a1bb943db state=present when: ansible_distribution_major_version | version_compare('8', 'le') +- name: Add apt key for mariadb for Debian > 8 + apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xF1656F24C74CD1D8 state=present + when: ansible_distribution_major_version | version_compare('8', 'gt') + - name: Add apt repository apt_repository: repo: 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/debian {{ ansible_distribution_release }} main' diff --git a/playbooks/prerequisites/roles/mariadb/tasks/main.yml b/playbooks/prerequisites/roles/mariadb/tasks/main.yml index 878e5894..b731d39e 100644 --- a/playbooks/prerequisites/roles/mariadb/tasks/main.yml +++ b/playbooks/prerequisites/roles/mariadb/tasks/main.yml 
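Review bot: The added "Add apt key for mariadb for Debian > 8" task trusts a signing key selected by the 64-bit id `0xF1656F24C74CD1D8` and fetched over plain `hkp://` on port 80, as the existing task above it does; a long key id is not a unique identifier and the keyserver answer is unauthenticated, so the key that ends up trusted for package installation is whatever the server returns for that id. Pin the full fingerprint, `apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=<FULL_40_HEX_FINGERPRINT> state=present`, or ship the key in the role and load it with `apt_key: file=...`. The repository line below uses `http://` too, so this key is the only integrity control on the MariaDB packages. The task file continues past the hunk.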
@@ -5,17 +5,24 @@ - include: ubuntu.yml when: ansible_distribution == 'Ubuntu' +- name: Add configuration + template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644 + when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian' + notify: restart mysql + - include: debian.yml when: ansible_distribution == 'Debian' - name: Add configuration - template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644 - when: mysql_conf_tpl != 'change_me' + template: src=files/debian_mariadb_config.cnf dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644 + when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian' notify: restart mysql - name: Start and enable service service: name=mysql state=started enabled=yes - include: mysql_secure_installation.yml + when: mysql_root_password is defined + - debug: var=mysql_secure_installation when: mysql_secure_installation and mysql_root_password is defined From 57499b8500bc5d9f216bb8dcedbc46f620800d50 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Thu, 7 Sep 2017 08:57:58 +0530 Subject: [PATCH 15/20] check mysql root password --- playbooks/develop/create_user.yml | 2 -- playbooks/develop/macosx.yml | 2 +- .../prerequisites/roles/mariadb/tasks/main.yml | 3 +++ .../mariadb/tasks/mysql_secure_installation.yml | 17 +++++++++++++++-- 4 files changed, 19 insertions(+), 5 deletions(-) diff --git a/playbooks/develop/create_user.yml b/playbooks/develop/create_user.yml index 2980ed4e..e7caf573 100755 --- a/playbooks/develop/create_user.yml +++ b/playbooks/develop/create_user.yml @@ -12,7 +12,6 @@ mode: 'o+rx' owner: '{{ frappe_user }}' group: '{{ frappe_user }}' - recurse: yes when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'CentOS' or ansible_distribution == 'Debian' - name: Set home folder perms 
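Review bot: With the new `when: mysql_root_password is defined` on `- include: mysql_secure_installation.yml`, a run that supplies no password skips the whole hardening file without a message although install_roles.yml sets `mysql_secure_installation: True`; the service is still started and enabled, and the skipped file is the one that removes anonymous users, remote root logins and the test database. Fail loudly instead with a preceding task such as `- fail: msg="mysql_root_password is required when mysql_secure_installation is set"` guarded by `when: mysql_secure_installation and mysql_root_password is not defined`. The Debian "Add configuration" task hard-codes `src=files/debian_mariadb_config.cnf` and uses `mysql_conf_tpl` only for the `change_me` test; a comment should say that this is deliberate.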
@@ -21,7 +20,6 @@ mode: 'o+rx' owner: '{{ frappe_user }}' group: '{{ frappe_user }}' - recurse: yes when: ansible_distribution == 'MacOSX' - name: Set /tmp/.bench folder perms diff --git a/playbooks/develop/macosx.yml b/playbooks/develop/macosx.yml index b9175b7e..05b8c947 100644 --- a/playbooks/develop/macosx.yml +++ b/playbooks/develop/macosx.yml @@ -22,7 +22,7 @@ - wkhtmltopdf - name: configure mariadb - include: ../prerequisites/roles/mariadb/task/main.yml + include: ../prerequisites/roles/mariadb/tasks/main.yml vars: mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf diff --git a/playbooks/prerequisites/roles/mariadb/tasks/main.yml b/playbooks/prerequisites/roles/mariadb/tasks/main.yml index b731d39e..bbcc7e77 100644 --- a/playbooks/prerequisites/roles/mariadb/tasks/main.yml +++ b/playbooks/prerequisites/roles/mariadb/tasks/main.yml @@ -21,6 +21,9 @@ - name: Start and enable service service: name=mysql state=started enabled=yes +- debug: + msg: "{{ mysql_root_password }}" + - include: mysql_secure_installation.yml when: mysql_root_password is defined diff --git a/playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml b/playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml index 5a326624..d1ba6c4f 100644 --- a/playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml +++ b/playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml @@ -3,6 +3,8 @@ # UPDATE mysql.user SET Password=PASSWORD('mysecret') WHERE User='root'; # FLUSH PRIVILEGES; +- debug: + msg: "{{ mysql_root_password }}" - name: Set root Password mysql_user: name=root host={{ item }} password={{ mysql_root_password }} state=present 
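Review bot: The added `- debug:` task with `msg: "{{ mysql_root_password }}"` in roles/mariadb/tasks/main.yml prints the database root password into the Ansible output, and so into any terminal scrollback, CI log or log file that captures the run; the same task is added at the top of mysql_secure_installation.yml, and the next hunk of that file adds `command: cat /root/.my.cnf` followed by a `debug` of its output, which discloses the same credential. These look like leftover debugging and should be removed before merge. The task in main.yml has no `when:`, so it also fails on an undefined variable whenever no password is supplied, before the guarded include is reached. The "Set root Password" `mysql_user` tasks would additionally benefit from `no_log: true`.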
@@ -13,30 +15,40 @@ - name: Add .my.cnf template: src=my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600 +- name: display .my.cnf + command: cat /root/.my.cnf + register: details + +- debug: + msg: "{{ details.stdout_lines }}" + - name: Set root Password mysql_user: name=root host={{ item }} password={{ mysql_root_password }} state=present with_items: - 127.0.0.1 - ::1 - ignore_errors: yes + when: not run_travis - name: Reload privilege tables command: 'mysql -ne "{{ item }}"' with_items: - FLUSH PRIVILEGES changed_when: False + when: not run_travis - name: Remove anonymous users command: 'mysql -ne "{{ item }}"' with_items: - DELETE FROM mysql.user WHERE User='' changed_when: False + when: not run_travis - name: Disallow root login remotely command: 'mysql -ne "{{ item }}"' with_items: - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1') changed_when: False + when: not run_travis - name: Remove test database and access to it command: 'mysql -ne "{{ item }}"' @@ -44,13 +56,14 @@ - DROP DATABASE if exists test - DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%' changed_when: False - ignore_errors: True + when: not run_travis - name: Reload privilege tables command: 'mysql -ne "{{ item }}"' with_items: - FLUSH PRIVILEGES changed_when: False + when: not run_travis - name: add launchagents folder mac file: path=~/Library/LaunchAgents state=directory From ffd6ad7c12d86286221a13c3729d7df55d146647 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Fri, 8 Sep 2017 20:40:16 +0530 Subject: [PATCH 16/20] [fix] setup firewall and change ssh port via bench --- bench/commands/setup.py | 31 ++++++++++++++++-------- playbooks/production/change_ssh_port.yml | 5 ++++ playbooks/production/setup_firewall.yml | 7 ++++-- 3 files changed, 31 insertions(+), 12 deletions(-) diff --git a/bench/commands/setup.py b/bench/commands/setup.py index 74327d35..b0db827f 100755 --- a/bench/commands/setup.py +++ b/bench/commands/setup.py 
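Review bot: The added `display .my.cnf` task runs `cat /root/.my.cnf` and the `debug` after it prints `details.stdout_lines`, so the file that the task just above installs with `mode=0600` is echoed into the run output. The template body is not visible here, but a root-only client config presumably carries the root credentials, and printing it defeats the file permission in every log that records the play. I would remove both tasks. If they have to stay for a CI investigation, add `no_log: true` to both and `changed_when: False` to the `command`, as the other `command` tasks in this file already have.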
@@ -76,24 +76,35 @@ def setup_env(): setup_env() @click.command('firewall') -def setup_firewall(): +@click.option('--ssh_port') +@click.option('--force') +def setup_firewall(ssh_port=None, force=False): "Setup firewall" from bench.utils import run_playbook - click.confirm('Setting up the firewall will block all ports except 80, 443 and 22\n' - 'Do you want to continue?', - abort=True) - run_playbook('production/setup_firewall.yml') + + if not force: + click.confirm('Setting up the firewall will block all ports except 80, 443 and 22\n' + 'Do you want to continue?', + abort=True) + + if not ssh_port: + ssh_port = 22 + + run_playbook('production/setup_firewall.yml', {"ssh_port": ssh_port}) @click.command('ssh-port') @click.argument('port') -def set_ssh_port(port): +@click.option('--force') +def set_ssh_port(port, force=False): "Set SSH Port" from bench.utils import run_playbook - click.confirm('This will change your SSH Port to {}\n' - 'Do you want to continue?'.format(port), - abort=True) - run_playbook('production/change_ssh_port.yml', {"ssh_port": port}) + if not force: + click.confirm('This will change your SSH Port to {}\n' + 'Do you want to continue?'.format(port), + abort=True) + + run_playbook('production/change_ssh_port.yml', {"ssh_port": port}) @click.command('lets-encrypt') @click.argument('site') diff --git a/playbooks/production/change_ssh_port.yml b/playbooks/production/change_ssh_port.yml index a0bd21f8..715a98d0 100755 --- a/playbooks/production/change_ssh_port.yml +++ b/playbooks/production/change_ssh_port.yml @@ -12,3 +12,8 @@ - name: restart ssh service: name=sshd state=reloaded + + - name: Change ansible ssh port to 2332 + set_fact: + ansible_ssh_port: '{{ ssh_port }}' + diff --git a/playbooks/production/setup_firewall.yml b/playbooks/production/setup_firewall.yml index 00b6b893..e9242eb3 100755 --- a/playbooks/production/setup_firewall.yml +++ b/playbooks/production/setup_firewall.yml 
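Review bot: `--force` is declared as `@click.option('--force')` on both `setup_firewall` and `set_ssh_port`, so click expects a value after it: `--force` on its own is rejected, and any non-empty value, including `--force no`, skips the confirmation. Declare it as `@click.option('--force', is_flag=True, default=False)`. `--ssh_port` and the `port` argument reach the playbook as unchecked strings; `type=click.IntRange(1, 65535)` would reject a typo before it is written into the firewall and sshd configuration. The prompt in `setup_firewall` still says ports 80, 443 and 22 when `--ssh_port` names another port, which is exactly the case where a wrong answer can lock the operator out.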
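Review bot: The task name `Change ansible ssh port to 2332` hard-codes a port number while the task sets `ansible_ssh_port` to `{{ ssh_port }}`, so the run output names the wrong port for every other value. `- name: Point Ansible at the new SSH port ({{ ssh_port }})` keeps the log accurate. The earlier tasks of this play are outside the hunk.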
@@ -4,6 +4,9 @@ tasks: # For CentOS + - name: Enable SELinux + selinux: policy=targeted state=permissive + - name: Install firewalld yum: name=firewalld state=present when: ansible_distribution == 'CentOS' @@ -17,7 +20,7 @@ with_items: - 80 - 443 - - 22 + - {{ ssh_port }} when: ansible_distribution == 'CentOS' - name: Restart Firewall @@ -38,6 +41,6 @@ with_items: - 80 - 443 - - 22 + - {{ ssh_port }} when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' From 802fa1e239a926c2081bc6c038b09bc6833935d5 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Fri, 8 Sep 2017 21:23:35 +0530 Subject: [PATCH 17/20] install modules --- bench/commands/__init__.py | 3 +++ bench/commands/install.py | 49 ++++++++++++++++++++++++++++++++++++++ bench/commands/setup.py | 7 ------ 3 files changed, 52 insertions(+), 7 deletions(-) create mode 100644 bench/commands/install.py diff --git a/bench/commands/__init__.py b/bench/commands/__init__.py index 683df339..0907f12d 100755 --- a/bench/commands/__init__.py +++ b/bench/commands/__init__.py @@ -68,3 +68,6 @@ from bench.commands.git import remote_set_url, remote_reset_url, remote_urls bench_command.add_command(remote_set_url) bench_command.add_command(remote_reset_url) bench_command.add_command(remote_urls) + +from bench.commands.install import install +bench_command.add_command(install) \ No newline at end of file diff --git a/bench/commands/install.py b/bench/commands/install.py new file mode 100644 index 00000000..00e4f5db --- /dev/null +++ b/bench/commands/install.py 
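Review bot: The new `Enable SELinux` task sets `state=permissive`, which logs denials without enforcing them, so on a host that was already enforcing this step switches enforcement off while the task name says the opposite. It sits under the `# For CentOS` comment but has no `when:`, unlike the firewalld tasks after it, so it also runs on Ubuntu and Debian targets where the module's SELinux bindings may not be installed. I would guard it with `when: ansible_distribution == 'CentOS'`, rename it to say what it does, and avoid lowering an enforcing host, for example by checking `ansible_selinux.mode` first.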
@@ -0,0 +1,49 @@ +import os, sys, json, click +from bench.utils import run_playbook + +extra_vars = {"production": True} + +@click.group() +def install(): + "Install system dependancies" + pass + +@click.command('prerequisites') +def install_prerequisites(): + "Install prerequisites" + run_playbook('prerequisites/install_prerequisites.yml') + +@click.command('mariadb') +@click.option('--mysql_root_password') +def install_maridb(mysql_root_password=''): + "Install mariadb 10.1" + extra_vars.update(mysql_root_password) + run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='maridb') + +@click.command('wkhtmltopdf') +def install_wkhtmltopdf(): + run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='wkhtmltopdf') + +@click.command('nodejs') +def install_nodejs(): + run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nodejs') + +@click.command('psutil') +def install_psutil(): + run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='psutil') + +@click.command('nginx') +def install_nginx(): + run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nginx') + +@click.command('fail2ban') +def install_failtoban(): + run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='fail2ban') + +install.add_command(install_prerequisites) +install.add_command(install_maridb) +install.add_command(install_wkhtmltopdf) +install.add_command(install_nodejs) +install.add_command(install_psutil) +install.add_command(install_nginx) +install.add_command(install_failtoban) \ No newline at end of file diff --git a/bench/commands/setup.py b/bench/commands/setup.py index b0db827f..c56f7a43 100755 --- a/bench/commands/setup.py +++ b/bench/commands/setup.py 
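Review bot: `install_maridb` takes the database root password as `--mysql_root_password` on the command line, which leaves it in shell history and in the process list while the command runs. click can read it without echo: `@click.option('--mysql_root_password', prompt=True, hide_input=True, default='')` still accepts the flag for scripted use and treats an empty answer as no password. How `run_playbook` hands `extra_vars` to Ansible is not visible in this patch; if it builds an `-e` argument the value is exposed there too, and a vars file with restrictive permissions would be the safer channel. The module-level `extra_vars` dict is shared by every command in the file, so building a per-call copy with `dict(extra_vars, mysql_root_password=...)` would keep the password out of the other commands' arguments.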
@@ -191,12 +191,6 @@ def sync_domains(domain=None, site=None): # if changed, success, else failure sys.exit(0 if changed else 1) -@click.command('prerequisites') -def setup_prerequisites(): - "Install prerequisites" - from bench.utils import run_playbook - run_playbook('prerequisites/install_prerequisites.yml') - @click.command('role') @click.argument('role') @click.option('--admin_emails', default='') @@ -234,5 +228,4 @@ setup.add_command(remove_domain) setup.add_command(sync_domains) setup.add_command(setup_firewall) setup.add_command(set_ssh_port) -setup.add_command(setup_prerequisites) setup.add_command(setup_roles) \ No newline at end of file From af16ee3eec3af39331f284c990f21bc0d0c43c37 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Mon, 18 Sep 2017 12:37:55 +0530 Subject: [PATCH 18/20] [fix] add commands to sudoer --- bench/cli.py | 4 +++- bench/commands/install.py | 6 ++++-- playbooks/production/setup_firewall.yml | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/bench/cli.py b/bench/cli.py index 0ca2fe10..f9c80fba 100755 --- a/bench/cli.py +++ b/bench/cli.py @@ -47,7 +47,9 @@ def check_uid(): sys.exit(1) def cmd_requires_root(): - if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts', 'print', 'firewall', 'ssh-port', 'prerequisites', 'role'): + if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts', + 'print', 'firewall', 'ssh-port', 'prerequisites', 'role', 'mariadb', 'wkhtmltopdf', + 'nodejs', 'psutil', 'nginx', 'fail2ban'): return True if len(sys.argv) >= 2 and sys.argv[1] in ('patch', 'renew-lets-encrypt', 'disable-production'): return True diff --git a/bench/commands/install.py b/bench/commands/install.py index 00e4f5db..e8c031ab 100644 --- a/bench/commands/install.py +++ b/bench/commands/install.py 
@@ -17,8 +17,10 @@ def install_prerequisites(): @click.option('--mysql_root_password') def install_maridb(mysql_root_password=''): "Install mariadb 10.1" - extra_vars.update(mysql_root_password) - run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='maridb') + if mysql_root_password: + extra_vars.update({"mysql_root_password": mysql_root_password}) + + run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='mariadb') @click.command('wkhtmltopdf') def install_wkhtmltopdf(): diff --git a/playbooks/production/setup_firewall.yml b/playbooks/production/setup_firewall.yml index e9242eb3..9b400bdf 100755 --- a/playbooks/production/setup_firewall.yml +++ b/playbooks/production/setup_firewall.yml @@ -20,7 +20,7 @@ with_items: - 80 - 443 - - {{ ssh_port }} + - "{{ ssh_port }}" when: ansible_distribution == 'CentOS' - name: Restart Firewall @@ -41,6 +41,6 @@ with_items: - 80 - 443 - - {{ ssh_port }} + - "{{ ssh_port }}" when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' From e005e618f4d5531dd9abc9d18d385850702cf0ec Mon Sep 17 00:00:00 2001 From: Saurabh Date: Mon, 18 Sep 2017 16:44:59 +0530 Subject: [PATCH 19/20] [fix] conditional variable fix --- .../mariadb/tasks/mysql_secure_installation.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml b/playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml index d1ba6c4f..df1e5d83 100644 --- a/playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml +++ b/playbooks/prerequisites/roles/mariadb/tasks/mysql_secure_installation.yml 
@@ -27,28 +27,28 @@ with_items: - 127.0.0.1 - ::1 - when: not run_travis + when: run_travis is not defined - name: Reload privilege tables command: 'mysql -ne "{{ item }}"' with_items: - FLUSH PRIVILEGES changed_when: False - when: not run_travis + when: run_travis is not defined - name: Remove anonymous users command: 'mysql -ne "{{ item }}"' with_items: - DELETE FROM mysql.user WHERE User='' changed_when: False - when: not run_travis + when: run_travis is not defined - name: Disallow root login remotely command: 'mysql -ne "{{ item }}"' with_items: - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1') changed_when: False - when: not run_travis + when: run_travis is not defined - name: Remove test database and access to it command: 'mysql -ne "{{ item }}"' @@ -56,14 +56,14 @@ - DROP DATABASE if exists test - DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%' changed_when: False - when: not run_travis + when: run_travis is not defined - name: Reload privilege tables command: 'mysql -ne "{{ item }}"' with_items: - FLUSH PRIVILEGES changed_when: False - when: not run_travis + when: run_travis is not defined - name: add launchagents folder mac file: path=~/Library/LaunchAgents state=directory From 56b01b7b65f0092d3ab2ad064c29de589777bd2e Mon Sep 17 00:00:00 2001 From: Saurabh Date: Mon, 18 Sep 2017 18:44:00 +0530 Subject: [PATCH 20/20] [fix] sudoer permissions --- bench/cli.py | 6 +++--- playbooks/develop/create_user.yml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/bench/cli.py b/bench/cli.py index f9c80fba..3d14cffe 100755 --- a/bench/cli.py +++ b/bench/cli.py 
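Review bot: `when: run_travis is not defined` on the root-password, anonymous-user, remote-root and test-database tasks tests only whether the variable exists, so passing `run_travis=false`, or leaving it in a vars file with any value, skips every hardening step in this file without an error. Testing the value keeps the CI switch and fails safe: `when: not (run_travis | default(false) | bool)`. The same condition is repeated in the second hunk of this file (`@@ -56,14 +56,14 @@`), and the first task it applies to starts above the hunk.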
@@ -48,10 +48,10 @@ def check_uid(): def cmd_requires_root(): if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts', - 'print', 'firewall', 'ssh-port', 'prerequisites', 'role', 'mariadb', 'wkhtmltopdf', - 'nodejs', 'psutil', 'nginx', 'fail2ban'): + 'print', 'firewall', 'ssh-port', 'role'): return True - if len(sys.argv) >= 2 and sys.argv[1] in ('patch', 'renew-lets-encrypt', 'disable-production'): + if len(sys.argv) >= 2 and sys.argv[1] in ('patch', 'renew-lets-encrypt', 'disable-production', + 'install'): return True def change_dir(): diff --git a/playbooks/develop/create_user.yml b/playbooks/develop/create_user.yml index e7caf573..2980ed4e 100755 --- a/playbooks/develop/create_user.yml +++ b/playbooks/develop/create_user.yml @@ -12,6 +12,7 @@ mode: 'o+rx' owner: '{{ frappe_user }}' group: '{{ frappe_user }}' + recurse: yes when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'CentOS' or ansible_distribution == 'Debian' - name: Set home folder perms @@ -20,6 +21,7 @@ mode: 'o+rx' owner: '{{ frappe_user }}' group: '{{ frappe_user }}' + recurse: yes when: ansible_distribution == 'MacOSX' - name: Set /tmp/.bench folder perms
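Review bot: Re-adding `recurse: yes` next to `mode: 'o+rx'` in both hunks of `create_user.yml` grants world read and execute on every file and directory below the path, not only on the directory itself. The `path:` lines are outside the hunks, but the second task is named `Set home folder perms`; if the target is the `{{ frappe_user }}` home directory, that covers SSH keys, client credential files and site configuration for every local account. If the recursion is needed for `owner` and `group`, I would split it into its own task without `mode`, and keep `o+rx` on the top-level directory only, as the earlier patch in this series left it.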