mirror of
https://github.com/frappe/bench.git
synced 2025-01-10 09:02:10 +00:00
Merge pull request #480 from saurabh6790/ansible-merge
Setup bench via roles
This commit is contained in:
commit
e2260d7065
@ -47,9 +47,11 @@ def check_uid():
|
|||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
def cmd_requires_root():
|
def cmd_requires_root():
|
||||||
if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts', 'reload-nginx', 'firewall', 'ssh-port'):
|
if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts',
|
||||||
|
'print', 'firewall', 'ssh-port', 'role'):
|
||||||
return True
|
return True
|
||||||
if len(sys.argv) >= 2 and sys.argv[1] in ('patch', 'renew-lets-encrypt', 'disable-production'):
|
if len(sys.argv) >= 2 and sys.argv[1] in ('patch', 'renew-lets-encrypt', 'disable-production',
|
||||||
|
'install'):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def change_dir():
|
def change_dir():
|
||||||
|
@ -68,3 +68,6 @@ from bench.commands.git import remote_set_url, remote_reset_url, remote_urls
|
|||||||
bench_command.add_command(remote_set_url)
|
bench_command.add_command(remote_set_url)
|
||||||
bench_command.add_command(remote_reset_url)
|
bench_command.add_command(remote_reset_url)
|
||||||
bench_command.add_command(remote_urls)
|
bench_command.add_command(remote_urls)
|
||||||
|
|
||||||
|
from bench.commands.install import install
|
||||||
|
bench_command.add_command(install)
|
51
bench/commands/install.py
Normal file
51
bench/commands/install.py
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
import os, sys, json, click
|
||||||
|
from bench.utils import run_playbook
|
||||||
|
|
||||||
|
extra_vars = {"production": True}
|
||||||
|
|
||||||
|
@click.group()
|
||||||
|
def install():
|
||||||
|
"Install system dependancies"
|
||||||
|
pass
|
||||||
|
|
||||||
|
@click.command('prerequisites')
|
||||||
|
def install_prerequisites():
|
||||||
|
"Install prerequisites"
|
||||||
|
run_playbook('prerequisites/install_prerequisites.yml')
|
||||||
|
|
||||||
|
@click.command('mariadb')
|
||||||
|
@click.option('--mysql_root_password')
|
||||||
|
def install_maridb(mysql_root_password=''):
|
||||||
|
"Install mariadb 10.1"
|
||||||
|
if mysql_root_password:
|
||||||
|
extra_vars.update({"mysql_root_password": mysql_root_password})
|
||||||
|
|
||||||
|
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='mariadb')
|
||||||
|
|
||||||
|
@click.command('wkhtmltopdf')
|
||||||
|
def install_wkhtmltopdf():
|
||||||
|
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='wkhtmltopdf')
|
||||||
|
|
||||||
|
@click.command('nodejs')
|
||||||
|
def install_nodejs():
|
||||||
|
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nodejs')
|
||||||
|
|
||||||
|
@click.command('psutil')
|
||||||
|
def install_psutil():
|
||||||
|
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='psutil')
|
||||||
|
|
||||||
|
@click.command('nginx')
|
||||||
|
def install_nginx():
|
||||||
|
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='nginx')
|
||||||
|
|
||||||
|
@click.command('fail2ban')
|
||||||
|
def install_failtoban():
|
||||||
|
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag='fail2ban')
|
||||||
|
|
||||||
|
install.add_command(install_prerequisites)
|
||||||
|
install.add_command(install_maridb)
|
||||||
|
install.add_command(install_wkhtmltopdf)
|
||||||
|
install.add_command(install_nodejs)
|
||||||
|
install.add_command(install_psutil)
|
||||||
|
install.add_command(install_nginx)
|
||||||
|
install.add_command(install_failtoban)
|
@ -77,24 +77,35 @@ def setup_env():
|
|||||||
setup_env()
|
setup_env()
|
||||||
|
|
||||||
@click.command('firewall')
|
@click.command('firewall')
|
||||||
def setup_firewall():
|
@click.option('--ssh_port')
|
||||||
|
@click.option('--force')
|
||||||
|
def setup_firewall(ssh_port=None, force=False):
|
||||||
"Setup firewall"
|
"Setup firewall"
|
||||||
from bench.utils import run_playbook
|
from bench.utils import run_playbook
|
||||||
|
|
||||||
|
if not force:
|
||||||
click.confirm('Setting up the firewall will block all ports except 80, 443 and 22\n'
|
click.confirm('Setting up the firewall will block all ports except 80, 443 and 22\n'
|
||||||
'Do you want to continue?',
|
'Do you want to continue?',
|
||||||
abort=True)
|
abort=True)
|
||||||
run_playbook('production/setup_firewall.yml')
|
|
||||||
|
if not ssh_port:
|
||||||
|
ssh_port = 22
|
||||||
|
|
||||||
|
run_playbook('production/setup_firewall.yml', {"ssh_port": ssh_port})
|
||||||
|
|
||||||
@click.command('ssh-port')
|
@click.command('ssh-port')
|
||||||
@click.argument('port')
|
@click.argument('port')
|
||||||
def set_ssh_port(port):
|
@click.option('--force')
|
||||||
|
def set_ssh_port(port, force=False):
|
||||||
"Set SSH Port"
|
"Set SSH Port"
|
||||||
from bench.utils import run_playbook
|
from bench.utils import run_playbook
|
||||||
|
|
||||||
|
if not force:
|
||||||
click.confirm('This will change your SSH Port to {}\n'
|
click.confirm('This will change your SSH Port to {}\n'
|
||||||
'Do you want to continue?'.format(port),
|
'Do you want to continue?'.format(port),
|
||||||
abort=True)
|
abort=True)
|
||||||
run_playbook('production/change_ssh_port.yml', {"ssh_port": port})
|
|
||||||
|
|
||||||
|
run_playbook('production/change_ssh_port.yml', {"ssh_port": port})
|
||||||
|
|
||||||
@click.command('lets-encrypt')
|
@click.command('lets-encrypt')
|
||||||
@click.argument('site')
|
@click.argument('site')
|
||||||
@ -181,6 +192,23 @@ def sync_domains(domain=None, site=None):
|
|||||||
# if changed, success, else failure
|
# if changed, success, else failure
|
||||||
sys.exit(0 if changed else 1)
|
sys.exit(0 if changed else 1)
|
||||||
|
|
||||||
|
@click.command('role')
|
||||||
|
@click.argument('role')
|
||||||
|
@click.option('--admin_emails', default='')
|
||||||
|
@click.option('--mysql_root_password')
|
||||||
|
def setup_roles(role, **kwargs):
|
||||||
|
"Install dependancies via roles"
|
||||||
|
from bench.utils import run_playbook
|
||||||
|
|
||||||
|
extra_vars = {"production": True}
|
||||||
|
extra_vars.update(kwargs)
|
||||||
|
|
||||||
|
if role:
|
||||||
|
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars, tag=role)
|
||||||
|
else:
|
||||||
|
run_playbook('prerequisites/install_roles.yml', extra_vars=extra_vars)
|
||||||
|
|
||||||
|
|
||||||
setup.add_command(setup_sudoers)
|
setup.add_command(setup_sudoers)
|
||||||
setup.add_command(setup_nginx)
|
setup.add_command(setup_nginx)
|
||||||
setup.add_command(reload_nginx)
|
setup.add_command(reload_nginx)
|
||||||
@ -201,3 +229,4 @@ setup.add_command(remove_domain)
|
|||||||
setup.add_command(sync_domains)
|
setup.add_command(sync_domains)
|
||||||
setup.add_command(setup_firewall)
|
setup.add_command(setup_firewall)
|
||||||
setup.add_command(set_ssh_port)
|
setup.add_command(set_ssh_port)
|
||||||
|
setup.add_command(setup_roles)
|
@ -761,11 +761,16 @@ def set_git_remote_url(git_url, bench_path='.'):
|
|||||||
if os.path.exists(os.path.join(app_dir, '.git')):
|
if os.path.exists(os.path.join(app_dir, '.git')):
|
||||||
exec_cmd("git remote set-url upstream {}".format(git_url), cwd=app_dir)
|
exec_cmd("git remote set-url upstream {}".format(git_url), cwd=app_dir)
|
||||||
|
|
||||||
def run_playbook(playbook_name, extra_vars=None):
|
def run_playbook(playbook_name, extra_vars=None, tag=None):
|
||||||
if not find_executable('ansible'):
|
if not find_executable('ansible'):
|
||||||
print("Ansible is needed to run this command, please install it using 'pip install ansible'")
|
print("Ansible is needed to run this command, please install it using 'pip install ansible'")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
args = ['ansible-playbook', '-c', 'local', playbook_name]
|
args = ['ansible-playbook', '-c', 'local', playbook_name]
|
||||||
|
|
||||||
if extra_vars:
|
if extra_vars:
|
||||||
args.extend(['-e', json.dumps(extra_vars)])
|
args.extend(['-e', json.dumps(extra_vars)])
|
||||||
|
|
||||||
|
if tag:
|
||||||
|
args.extend(['-t', tag])
|
||||||
|
|
||||||
subprocess.check_call(args, cwd=os.path.join(os.path.dirname(bench.__path__[0]), 'playbooks'))
|
subprocess.check_call(args, cwd=os.path.join(os.path.dirname(bench.__path__[0]), 'playbooks'))
|
||||||
|
@ -1,87 +0,0 @@
|
|||||||
---
|
|
||||||
- hosts: localhost
|
|
||||||
vars:
|
|
||||||
bench_repo_path: "/home/{{ ansible_user_id }}/.bench"
|
|
||||||
bench_path: "/home/{{ ansible_user_id }}/frappe-bench"
|
|
||||||
mysql_config_template: "templates/simple_mariadb_config.cnf"
|
|
||||||
mysql_conf_dir: /etc/my.cnf.d/
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
|
|
||||||
- name: development tools package
|
|
||||||
yum: name="@Development tools" state=present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: install prerequisites
|
|
||||||
yum: pkg={{ item }} state=present
|
|
||||||
with_items:
|
|
||||||
# basic installs
|
|
||||||
- redis
|
|
||||||
|
|
||||||
# for mariadb
|
|
||||||
- libselinux-python
|
|
||||||
- mysql-devel
|
|
||||||
- mysql-libs
|
|
||||||
|
|
||||||
# for wkhtmltopdf
|
|
||||||
- libXrender
|
|
||||||
- libXext
|
|
||||||
- xorg-x11-fonts-75dpi
|
|
||||||
- xorg-x11-fonts-Type1
|
|
||||||
|
|
||||||
# for Pillow
|
|
||||||
- libjpeg-devel
|
|
||||||
- zlib-devel
|
|
||||||
- libzip-devel
|
|
||||||
- freetype-devel
|
|
||||||
- lcms2-devel
|
|
||||||
- libwebp-devel
|
|
||||||
- libtiff-devel
|
|
||||||
- tcl-devel
|
|
||||||
- tk-devel
|
|
||||||
|
|
||||||
# Python LDAP
|
|
||||||
- openldap-devel
|
|
||||||
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Import Node source RPM key
|
|
||||||
rpm_key:
|
|
||||||
key: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
|
|
||||||
state: present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Add Node Repo
|
|
||||||
yum:
|
|
||||||
name: 'https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/nodesource-release-el{{ ansible_distribution_major_version }}-1.noarch.rpm'
|
|
||||||
state: present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Install nodejs
|
|
||||||
yum:
|
|
||||||
name: nodejs
|
|
||||||
state: present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
# install MariaDB
|
|
||||||
- include: includes/mariadb_centos.yml
|
|
||||||
|
|
||||||
# install WKHTMLtoPDF
|
|
||||||
- include: includes/wkhtmltopdf.yml
|
|
||||||
|
|
||||||
# setup MariaDB
|
|
||||||
- include: includes/setup_mariadb.yml
|
|
||||||
|
|
||||||
# setup frappe-bench
|
|
||||||
- include: includes/setup_bench.yml
|
|
||||||
when: not run_travis and not without_bench_setup
|
|
||||||
|
|
||||||
# setup development environment
|
|
||||||
- include: includes/setup_dev_env.yml
|
|
||||||
when: not run_travis and not production
|
|
||||||
|
|
@ -1,127 +0,0 @@
|
|||||||
---
|
|
||||||
- hosts: localhost
|
|
||||||
vars:
|
|
||||||
bench_repo_path: "/home/{{ ansible_user_id }}/.bench"
|
|
||||||
bench_path: "/home/{{ ansible_user_id }}/frappe-bench"
|
|
||||||
mysql_config_template: "templates/simple_mariadb_config.cnf"
|
|
||||||
mysql_conf_dir: /etc/mysql/conf.d/
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
|
|
||||||
- name: Add dotdeb apt repository key for Debian < 8
|
|
||||||
apt_key:
|
|
||||||
url: http://www.dotdeb.org/dotdeb.gpg
|
|
||||||
state: present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
|
|
||||||
|
|
||||||
- name: Add dotdeb apt repository for redis-server for Debian < 8
|
|
||||||
apt_repository:
|
|
||||||
repo: 'deb http://packages.dotdeb.org wheezy all'
|
|
||||||
state: present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
|
|
||||||
|
|
||||||
# install pre-requisites
|
|
||||||
- name: install prequisites
|
|
||||||
apt: pkg={{ item }} state=present
|
|
||||||
with_items:
|
|
||||||
# basic installs
|
|
||||||
- build-essential
|
|
||||||
- redis-server
|
|
||||||
|
|
||||||
# for mariadb
|
|
||||||
- software-properties-common
|
|
||||||
|
|
||||||
# for wkhtmltopdf
|
|
||||||
- libxrender1
|
|
||||||
- libxext6
|
|
||||||
- xfonts-75dpi
|
|
||||||
- xfonts-base
|
|
||||||
|
|
||||||
# for Pillow
|
|
||||||
- zlib1g-dev
|
|
||||||
- libfreetype6-dev
|
|
||||||
- liblcms2-dev
|
|
||||||
- libwebp-dev
|
|
||||||
- python-tk
|
|
||||||
|
|
||||||
# Ensure apt-transport-https
|
|
||||||
- apt-transport-https
|
|
||||||
|
|
||||||
# Python LDAP
|
|
||||||
- libsasl2-dev
|
|
||||||
- libldap2-dev
|
|
||||||
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: install pillow prerequisites for Debian < 8
|
|
||||||
apt: pkg={{ item }} state=present
|
|
||||||
with_items:
|
|
||||||
- libjpeg8-dev
|
|
||||||
- libtiff4-dev
|
|
||||||
- tcl8.5-dev
|
|
||||||
- tk8.5-dev
|
|
||||||
when: ansible_distribution_version | version_compare('8', 'lt')
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: install pillow prerequisites for Debian >= 8
|
|
||||||
apt: pkg={{ item }} state=present
|
|
||||||
with_items:
|
|
||||||
- libjpeg62-turbo-dev
|
|
||||||
- libtiff5-dev
|
|
||||||
- tcl8.5-dev
|
|
||||||
- tk8.5-dev
|
|
||||||
when: ansible_distribution_version | version_compare('8', 'ge')
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Add apt key for node repo
|
|
||||||
apt_key:
|
|
||||||
url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280
|
|
||||||
id: "68576280"
|
|
||||||
state: present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Add repo
|
|
||||||
apt_repository:
|
|
||||||
repo: "deb [arch=amd64,i386] https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
|
|
||||||
state: present
|
|
||||||
update_cache: yes
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Install nodejs 6.x
|
|
||||||
apt:
|
|
||||||
name: nodejs
|
|
||||||
state: present
|
|
||||||
update_cache: yes
|
|
||||||
force: yes
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
# install MariaDB
|
|
||||||
- include: includes/mariadb_debian.yml
|
|
||||||
|
|
||||||
# install WKHTMLtoPDF
|
|
||||||
- include: includes/wkhtmltopdf.yml
|
|
||||||
|
|
||||||
# setup MariaDB
|
|
||||||
- include: includes/setup_mariadb.yml
|
|
||||||
|
|
||||||
- debug:
|
|
||||||
var: run_travis
|
|
||||||
|
|
||||||
# setup frappe-bench
|
|
||||||
- include: includes/setup_bench.yml
|
|
||||||
when: not run_travis
|
|
||||||
|
|
||||||
# setup development environment
|
|
||||||
- include: includes/setup_dev_env.yml
|
|
||||||
when: not production and not run_travis
|
|
||||||
|
|
@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Add repository
|
|
||||||
template: src=templates/mariadb_centos.repo dest=/etc/yum.repos.d/MariaDB.repo owner=root mode=0644
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Install MariaDB
|
|
||||||
yum: pkg={{ item }} state=present
|
|
||||||
with_items:
|
|
||||||
- MariaDB-server
|
|
||||||
- MariaDB-client
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
@ -1,27 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Add apt key for mariadb for Debian <= 8
|
|
||||||
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xcbcb082a1bb943db state=present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution_major_version | version_compare('8', 'le')
|
|
||||||
|
|
||||||
- name: Add apt repository
|
|
||||||
apt_repository:
|
|
||||||
repo: 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/debian {{ ansible_distribution_release }} main'
|
|
||||||
state: present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Unattended package installation
|
|
||||||
shell: export DEBIAN_FRONTEND=noninteractive
|
|
||||||
|
|
||||||
- name: apt-get install
|
|
||||||
apt: pkg={{ item }} update_cache=yes state=present
|
|
||||||
with_items:
|
|
||||||
- mariadb-server
|
|
||||||
- mariadb-client
|
|
||||||
- mariadb-common
|
|
||||||
- libmariadbclient-dev
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
@ -1,32 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Add apt key for mariadb for Ubuntu < 16.04
|
|
||||||
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xcbcb082a1bb943db state=present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution_version | version_compare('16.04', 'lt')
|
|
||||||
|
|
||||||
- name: Add apt key for mariadb for Ubuntu >= 16.04
|
|
||||||
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xF1656F24C74CD1D8 state=present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution_version | version_compare('16.04', 'ge')
|
|
||||||
|
|
||||||
- name: Add apt repository
|
|
||||||
apt_repository:
|
|
||||||
repo: 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu {{ ansible_distribution_release }} main'
|
|
||||||
state: present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Unattended package installation
|
|
||||||
shell: export DEBIAN_FRONTEND=noninteractive
|
|
||||||
|
|
||||||
- name: apt-get install
|
|
||||||
apt: pkg={{ item }} update_cache=yes state=present
|
|
||||||
with_items:
|
|
||||||
- mariadb-server
|
|
||||||
- mariadb-client
|
|
||||||
- mariadb-common
|
|
||||||
- libmariadbclient-dev
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
@ -1,40 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Install MySQLdb in global env
|
|
||||||
pip: name=mysql-python version=1.2.5
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Add configuration
|
|
||||||
template: src={{ mysql_config_template }} dest={{ mysql_conf_dir }}/frappe.cnf owner=root mode=0644
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: restart mysql linux
|
|
||||||
service: name=mysql state=restarted
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
when: ansible_os_family == 'RedHat' or ansible_os_family == 'Debian'
|
|
||||||
|
|
||||||
- name: Set root Password
|
|
||||||
command: mysqladmin -u root password {{ mysql_root_password }}
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
when: mysql_root_password is defined
|
|
||||||
# incase root password is already set
|
|
||||||
ignore_errors: yes
|
|
||||||
|
|
||||||
- name: add launchagents folder mac
|
|
||||||
file: path=~/Library/LaunchAgents state=directory
|
|
||||||
when: ansible_distribution == 'MacOSX'
|
|
||||||
|
|
||||||
- name: add mysql to mac startup
|
|
||||||
file: src=/usr/local/opt/mariadb/homebrew.mxcl.mariadb.plist path=~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist state=link force=yes
|
|
||||||
when: ansible_distribution == 'MacOSX'
|
|
||||||
|
|
||||||
- name: stop mysql mac
|
|
||||||
command: launchctl unload ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
|
|
||||||
when: ansible_distribution == 'MacOSX'
|
|
||||||
|
|
||||||
- name: start mysql mac
|
|
||||||
command: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
|
|
||||||
when: ansible_distribution == 'MacOSX'
|
|
@ -1,19 +0,0 @@
|
|||||||
---
|
|
||||||
- name: download wkthmltox linux
|
|
||||||
get_url: url=https://github.com/frappe/wkhtmltopdf/raw/master/wkhtmltox-0.12.3_linux-generic-{{ "amd64" if ansible_architecture == "x86_64" else "i386"}}.tar.xz dest=/tmp/wkhtmltox.tar.xz
|
|
||||||
|
|
||||||
- name: Creates directory
|
|
||||||
file: path=/tmp/wkhtmltox state=directory
|
|
||||||
|
|
||||||
- name: unarchive wkhtmltopdf
|
|
||||||
unarchive: src=/tmp/wkhtmltox.tar.xz dest=/tmp
|
|
||||||
|
|
||||||
- name: copy to /usr/local/bin
|
|
||||||
copy: src="/tmp/wkhtmltox/bin/wkhtmltopdf" dest="/usr/local/bin/wkhtmltopdf"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: make wkhtmltopdf executable
|
|
||||||
file: path=/usr/local/bin/wkhtmltopdf mode="o+x"
|
|
||||||
become: true
|
|
||||||
become_user: root
|
|
@ -1,14 +1,25 @@
|
|||||||
---
|
---
|
||||||
- hosts: localhost
|
- hosts: localhost
|
||||||
|
|
||||||
|
- include: ../prerequisites/install_prerequisites.yml
|
||||||
|
when: ansible_distribution != 'MacOSX'
|
||||||
|
|
||||||
|
- include: ../prerequisites/install_roles.yml
|
||||||
|
when: ansible_distribution != 'MacOSX'
|
||||||
|
|
||||||
- include: macosx.yml
|
- include: macosx.yml
|
||||||
when: ansible_distribution == 'MacOSX'
|
when: ansible_distribution == 'MacOSX'
|
||||||
|
|
||||||
- include: ubuntu.yml
|
- name: setup bench and dev environment
|
||||||
when: ansible_distribution == 'Ubuntu'
|
hosts: localhost
|
||||||
|
vars:
|
||||||
|
bench_repo_path: "/home/{{ ansible_user_id }}/.bench"
|
||||||
|
bench_path: "/home/{{ ansible_user_id }}/{{ bench_name }}"
|
||||||
|
tasks:
|
||||||
|
# setup frappe-bench
|
||||||
|
- include: includes/setup_bench.yml
|
||||||
|
when: not run_travis and not without_bench_setup
|
||||||
|
|
||||||
- include: centos.yml
|
# setup development environment
|
||||||
when: ansible_distribution == 'CentOS'
|
- include: includes/setup_dev_env.yml
|
||||||
|
when: not run_travis and not production
|
||||||
- include: debian.yml
|
|
||||||
when: ansible_distribution == 'Debian'
|
|
||||||
|
@ -1,13 +1,11 @@
|
|||||||
---
|
---
|
||||||
- hosts: localhost
|
- hosts: localhost
|
||||||
|
become: yes
|
||||||
|
become_user: root
|
||||||
vars:
|
vars:
|
||||||
bench_repo_path: "/Users/{{ ansible_user_id }}/.bench"
|
bench_repo_path: "/Users/{{ ansible_user_id }}/.bench"
|
||||||
bench_path: "/Users/{{ ansible_user_id }}/frappe-bench"
|
bench_path: "/Users/{{ ansible_user_id }}/frappe-bench"
|
||||||
mysql_config_template: "templates/simple_mariadb_config.cnf"
|
|
||||||
mysql_conf_dir: /usr/local/etc/my.cnf.d
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
# install pre-requisites
|
# install pre-requisites
|
||||||
- name: install prequisites
|
- name: install prequisites
|
||||||
homebrew: name={{ item }} state=present
|
homebrew: name={{ item }} state=present
|
||||||
@ -23,8 +21,13 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- wkhtmltopdf
|
- wkhtmltopdf
|
||||||
|
|
||||||
# setup MariaDB
|
- name: configure mariadb
|
||||||
- include: includes/setup_mariadb.yml
|
include: ../prerequisites/roles/mariadb/tasks/main.yml
|
||||||
|
vars:
|
||||||
|
mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf
|
||||||
|
|
||||||
|
- name: Install MySQLdb in global env
|
||||||
|
pip: name=mysql-python version=1.2.5
|
||||||
|
|
||||||
# setup frappe-bench
|
# setup frappe-bench
|
||||||
- include: includes/setup_bench.yml
|
- include: includes/setup_bench.yml
|
||||||
|
@ -1,110 +0,0 @@
|
|||||||
---
|
|
||||||
- hosts: localhost
|
|
||||||
vars:
|
|
||||||
bench_repo_path: "/home/{{ ansible_user_id }}/.bench"
|
|
||||||
bench_path: "/home/{{ ansible_user_id }}/frappe-bench"
|
|
||||||
mysql_config_template: "templates/simple_mariadb_config.cnf"
|
|
||||||
mysql_conf_dir: /etc/mysql/conf.d/
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
|
|
||||||
# install pre-requisites
|
|
||||||
- name: install prequisites
|
|
||||||
apt: pkg={{ item }} state=present
|
|
||||||
with_items:
|
|
||||||
# basic installs
|
|
||||||
- build-essential
|
|
||||||
- redis-server
|
|
||||||
|
|
||||||
# for mariadb
|
|
||||||
- software-properties-common
|
|
||||||
|
|
||||||
# for wkhtmltopdf
|
|
||||||
- libxrender1
|
|
||||||
- libxext6
|
|
||||||
- xfonts-75dpi
|
|
||||||
- xfonts-base
|
|
||||||
|
|
||||||
# for Pillow
|
|
||||||
- libjpeg8-dev
|
|
||||||
- zlib1g-dev
|
|
||||||
- libfreetype6-dev
|
|
||||||
- liblcms2-dev
|
|
||||||
- libwebp-dev
|
|
||||||
- python-tk
|
|
||||||
|
|
||||||
# Ensure apt-transport-https
|
|
||||||
- apt-transport-https
|
|
||||||
|
|
||||||
# Python LDAP
|
|
||||||
- libsasl2-dev
|
|
||||||
- libldap2-dev
|
|
||||||
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: install pillow prerequisites for Ubuntu < 14.04
|
|
||||||
apt: pkg={{ item }} state=present
|
|
||||||
with_items:
|
|
||||||
- libtiff4-dev
|
|
||||||
- tcl8.5-dev
|
|
||||||
- tk8.5-dev
|
|
||||||
when: ansible_distribution_version | version_compare('14.04', 'lt')
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: install pillow prerequisites for Ubuntu >= 14.04
|
|
||||||
apt: pkg={{ item }} state=present
|
|
||||||
with_items:
|
|
||||||
- libtiff5-dev
|
|
||||||
- tcl8.6-dev
|
|
||||||
- tk8.6-dev
|
|
||||||
when: ansible_distribution_version | version_compare('14.04', 'ge')
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Add apt key for node repo
|
|
||||||
apt_key:
|
|
||||||
url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280
|
|
||||||
id: "68576280"
|
|
||||||
state: present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Add repo
|
|
||||||
apt_repository:
|
|
||||||
repo: "deb [arch=amd64,i386] https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
|
|
||||||
state: present
|
|
||||||
register: node_repo
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Install nodejs 6.x
|
|
||||||
apt:
|
|
||||||
name: nodejs
|
|
||||||
state: present
|
|
||||||
update_cache: yes
|
|
||||||
force: yes
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
# install MariaDB
|
|
||||||
- include: includes/mariadb_ubuntu.yml
|
|
||||||
|
|
||||||
# install WKHTMLtoPDF
|
|
||||||
- include: includes/wkhtmltopdf.yml
|
|
||||||
|
|
||||||
# setup MariaDB
|
|
||||||
- include: includes/setup_mariadb.yml
|
|
||||||
|
|
||||||
- debug:
|
|
||||||
var: run_travis
|
|
||||||
|
|
||||||
# setup frappe-bench
|
|
||||||
- include: includes/setup_bench.yml
|
|
||||||
when: not without_bench_setup and not run_travis
|
|
||||||
|
|
||||||
# setup development environment
|
|
||||||
- include: includes/setup_dev_env.yml
|
|
||||||
when: not production and not run_travis and not without_bench_setup
|
|
||||||
|
|
@ -104,6 +104,9 @@ def install_bench(args):
|
|||||||
branch = 'master' if args.production else 'develop'
|
branch = 'master' if args.production else 'develop'
|
||||||
extra_vars.update(branch=branch)
|
extra_vars.update(branch=branch)
|
||||||
|
|
||||||
|
bench_name = 'frappe-bench' if not args.bench_name else args.bench_name
|
||||||
|
extra_vars.update(bench_name=bench_name)
|
||||||
|
|
||||||
if args.develop:
|
if args.develop:
|
||||||
run_playbook('develop/install.yml', sudo=True, extra_vars=extra_vars)
|
run_playbook('develop/install.yml', sudo=True, extra_vars=extra_vars)
|
||||||
|
|
||||||
@ -341,6 +344,9 @@ def parse_commandline_args():
|
|||||||
parser.add_argument('--site', dest='site', action='store', default='site1.local',
|
parser.add_argument('--site', dest='site', action='store', default='site1.local',
|
||||||
help='Specifiy name for your first ERPNext site')
|
help='Specifiy name for your first ERPNext site')
|
||||||
|
|
||||||
|
parser.add_argument('--without-site', dest='without_site', action='store_true',
|
||||||
|
default=False)
|
||||||
|
|
||||||
parser.add_argument('--verbose', dest='verbosity', action='store_true', default=False,
|
parser.add_argument('--verbose', dest='verbosity', action='store_true', default=False,
|
||||||
help='Run the script in verbose mode')
|
help='Run the script in verbose mode')
|
||||||
|
|
||||||
@ -364,6 +370,7 @@ def parse_commandline_args():
|
|||||||
# set passwords
|
# set passwords
|
||||||
parser.add_argument('--mysql-root-password', dest='mysql_root_password', help='Set mysql root password')
|
parser.add_argument('--mysql-root-password', dest='mysql_root_password', help='Set mysql root password')
|
||||||
parser.add_argument('--admin-password', dest='admin_password', help='Set admin password')
|
parser.add_argument('--admin-password', dest='admin_password', help='Set admin password')
|
||||||
|
parser.add_argument('--bench-name', dest='bench_name', help='Create bench with specified name. Default name is frappe-bench')
|
||||||
|
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
21
playbooks/prerequisites/debian.yml
Normal file
21
playbooks/prerequisites/debian.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
- name: Setup OpenSSL dependancy
|
||||||
|
pip: name=pyOpenSSL version=16.2.0
|
||||||
|
|
||||||
|
- name: install pillow prerequisites for Debian < 8
|
||||||
|
apt: pkg={{ item }} state=present
|
||||||
|
with_items:
|
||||||
|
- libjpeg8-dev
|
||||||
|
- libtiff4-dev
|
||||||
|
- tcl8.5-dev
|
||||||
|
- tk8.5-dev
|
||||||
|
when: ansible_distribution_version | version_compare('8', 'lt')
|
||||||
|
|
||||||
|
- name: install pillow prerequisites for Debian >= 8
|
||||||
|
apt: pkg={{ item }} state=present
|
||||||
|
with_items:
|
||||||
|
- libjpeg62-turbo-dev
|
||||||
|
- libtiff5-dev
|
||||||
|
- tcl8.5-dev
|
||||||
|
- tk8.5-dev
|
||||||
|
when: ansible_distribution_version | version_compare('8', 'ge')
|
61
playbooks/prerequisites/files/mariadb_config.cnf
Normal file
61
playbooks/prerequisites/files/mariadb_config.cnf
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
[mysqld]
|
||||||
|
|
||||||
|
# GENERAL #
|
||||||
|
user = mysql
|
||||||
|
default-storage-engine = InnoDB
|
||||||
|
socket = /var/lib/mysql/mysql.sock
|
||||||
|
pid-file = /var/lib/mysql/mysql.pid
|
||||||
|
|
||||||
|
# MyISAM #
|
||||||
|
key-buffer-size = 32M
|
||||||
|
myisam-recover = FORCE,BACKUP
|
||||||
|
|
||||||
|
# SAFETY #
|
||||||
|
max-allowed-packet = 64M
|
||||||
|
max-connect-errors = 1000000
|
||||||
|
innodb = FORCE
|
||||||
|
|
||||||
|
# DATA STORAGE #
|
||||||
|
datadir = /var/lib/mysql/
|
||||||
|
|
||||||
|
# BINARY LOGGING #
|
||||||
|
log-bin = /var/lib/mysql/mysql-bin
|
||||||
|
expire-logs-days = 14
|
||||||
|
sync-binlog = 1
|
||||||
|
|
||||||
|
# REPLICATION #
|
||||||
|
server-id = 1
|
||||||
|
|
||||||
|
# CACHES AND LIMITS #
|
||||||
|
tmp-table-size = 32M
|
||||||
|
max-heap-table-size = 32M
|
||||||
|
query-cache-type = 0
|
||||||
|
query-cache-size = 0
|
||||||
|
max-connections = 500
|
||||||
|
thread-cache-size = 50
|
||||||
|
open-files-limit = 65535
|
||||||
|
table-definition-cache = 4096
|
||||||
|
table-open-cache = 10240
|
||||||
|
|
||||||
|
# INNODB #
|
||||||
|
innodb-flush-method = O_DIRECT
|
||||||
|
innodb-log-files-in-group = 2
|
||||||
|
innodb-log-file-size = 512M
|
||||||
|
innodb-flush-log-at-trx-commit = 1
|
||||||
|
innodb-file-per-table = 1
|
||||||
|
innodb-buffer-pool-size = {{ (ansible_memtotal_mb*0.685)|round|int }}M
|
||||||
|
innodb-file-format = barracuda
|
||||||
|
innodb-large-prefix = 1
|
||||||
|
collation-server = utf8mb4_unicode_ci
|
||||||
|
character-set-server = utf8mb4
|
||||||
|
character-set-client-handshake = FALSE
|
||||||
|
max_allowed_packet = 64M
|
||||||
|
|
||||||
|
# LOGGING #
|
||||||
|
log-error = /var/lib/mysql/mysql-error.log
|
||||||
|
log-queries-not-using-indexes = 0
|
||||||
|
slow-query-log = 1
|
||||||
|
slow-query-log-file = /var/lib/mysql/mysql-slow.log
|
||||||
|
|
||||||
|
[mysql]
|
||||||
|
default-character-set = utf8mb4
|
76
playbooks/prerequisites/files/nginx.conf
Normal file
76
playbooks/prerequisites/files/nginx.conf
Normal file
@ -0,0 +1,76 @@
|
|||||||
|
user {{ nginx_user }};
|
||||||
|
worker_processes auto;
|
||||||
|
worker_rlimit_nofile 65535;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
|
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections {{ nginx_worker_connections or 2048 }};
|
||||||
|
multi_accept on;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
tcp_nopush on;
|
||||||
|
tcp_nodelay on;
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
# keepalive_timeout 10;
|
||||||
|
# keepalive_requests 10;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_disable "msie6";
|
||||||
|
gzip_http_version 1.1;
|
||||||
|
gzip_comp_level 5;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_types
|
||||||
|
application/atom+xml
|
||||||
|
application/javascript
|
||||||
|
application/json
|
||||||
|
application/rss+xml
|
||||||
|
application/vnd.ms-fontobject
|
||||||
|
application/x-font-ttf
|
||||||
|
application/font-woff
|
||||||
|
application/x-web-app-manifest+json
|
||||||
|
application/xhtml+xml
|
||||||
|
application/xml
|
||||||
|
font/opentype
|
||||||
|
image/svg+xml
|
||||||
|
image/x-icon
|
||||||
|
text/css
|
||||||
|
text/plain
|
||||||
|
text/x-component
|
||||||
|
;
|
||||||
|
|
||||||
|
server_names_hash_max_size 4096;
|
||||||
|
|
||||||
|
open_file_cache max=65000 inactive=1m;
|
||||||
|
open_file_cache_valid 5s;
|
||||||
|
open_file_cache_min_uses 1;
|
||||||
|
open_file_cache_errors on;
|
||||||
|
|
||||||
|
ssl_protocols SSLv3 TLSv1;
|
||||||
|
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
client_max_body_size 50m;
|
||||||
|
large_client_header_buffers 4 32k;
|
||||||
|
|
||||||
|
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=web-cache:8m max_size=1000m inactive=600m;
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
}
|
99
playbooks/prerequisites/install_prerequisites.yml
Normal file
99
playbooks/prerequisites/install_prerequisites.yml
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
---
|
||||||
|
#- include: setup_essentials.yml
|
||||||
|
|
||||||
|
- name: "Setup prerequisites"
|
||||||
|
hosts: localhost
|
||||||
|
become: yes
|
||||||
|
become_user: root
|
||||||
|
tasks:
|
||||||
|
- name: Install yum packages
|
||||||
|
yum: name={{ item }} state=present
|
||||||
|
with_items:
|
||||||
|
- bzip2-devel
|
||||||
|
- cronie
|
||||||
|
- dnsmasq
|
||||||
|
- freetype-devel
|
||||||
|
- git
|
||||||
|
- htop
|
||||||
|
- lcms2-devel
|
||||||
|
- libjpeg-devel
|
||||||
|
- libtiff-devel
|
||||||
|
- libffi-devel
|
||||||
|
- libwebp-devel
|
||||||
|
- libXext
|
||||||
|
- libXrender
|
||||||
|
- libzip-devel
|
||||||
|
- libffi-devel
|
||||||
|
- ntp
|
||||||
|
- openssl-devel
|
||||||
|
- postfix
|
||||||
|
- python-devel
|
||||||
|
- python-setuptools
|
||||||
|
- python-pip
|
||||||
|
- redis
|
||||||
|
- screen
|
||||||
|
- sudo
|
||||||
|
- supervisor
|
||||||
|
- tcl-devel
|
||||||
|
- tk-devel
|
||||||
|
- vim
|
||||||
|
- which
|
||||||
|
- xorg-x11-fonts-75dpi
|
||||||
|
- xorg-x11-fonts-Type1
|
||||||
|
- zlib-devel
|
||||||
|
- openssl-devel
|
||||||
|
- openldap-devel
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
|
# Prerequisite for Debian and Ubuntu
|
||||||
|
- name: Install apt packages
|
||||||
|
apt: pkg={{ item }} state=present force=yes
|
||||||
|
with_items:
|
||||||
|
- build-essential
|
||||||
|
- software-properties-common
|
||||||
|
- dnsmasq
|
||||||
|
- fontconfig
|
||||||
|
- git
|
||||||
|
- htop
|
||||||
|
- libcrypto++-dev
|
||||||
|
- libfreetype6-dev
|
||||||
|
- liblcms2-dev
|
||||||
|
- libssl-dev
|
||||||
|
- libwebp-dev
|
||||||
|
- libxext6
|
||||||
|
- libxrender1
|
||||||
|
- libxslt1-dev
|
||||||
|
- libxslt1.1
|
||||||
|
- libffi-dev
|
||||||
|
- ntp
|
||||||
|
- postfix
|
||||||
|
- python-dev
|
||||||
|
- python-pip
|
||||||
|
- python-tk
|
||||||
|
- redis-server
|
||||||
|
- screen
|
||||||
|
- supervisor
|
||||||
|
- vim
|
||||||
|
- xfonts-75dpi
|
||||||
|
- xfonts-base
|
||||||
|
- zlib1g-dev
|
||||||
|
- apt-transport-https
|
||||||
|
- libsasl2-dev
|
||||||
|
- libldap2-dev
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
- include: ubuntu.yml
|
||||||
|
when: ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
- include: debian.yml
|
||||||
|
when: ansible_distribution == 'Debian'
|
||||||
|
|
||||||
|
# Prerequisite for MACOS
|
||||||
|
- name: install prequisites for macos
|
||||||
|
homebrew: name={{ item }} state=present
|
||||||
|
with_items:
|
||||||
|
- cmake
|
||||||
|
- redis
|
||||||
|
- mariadb
|
||||||
|
- nodejs
|
||||||
|
when: ansible_distribution == 'MacOSX'
|
35
playbooks/prerequisites/install_roles.yml
Normal file
35
playbooks/prerequisites/install_roles.yml
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
---
|
||||||
|
- name: Apply basic roles, mariadb, wkhtmltopdf, nodejs, nginx, fail2ban and psutil
|
||||||
|
hosts: localhost
|
||||||
|
become: yes
|
||||||
|
become_user: root
|
||||||
|
vars:
|
||||||
|
- mysql_conf_tpl: files/mariadb_config.cnf
|
||||||
|
- nginx_conf_file: files/nginx.conf
|
||||||
|
- mysql_secure_installation: True
|
||||||
|
roles:
|
||||||
|
- { role: locale, tags: "locale" }
|
||||||
|
- { role: swap, tags: "swap", when: production }
|
||||||
|
- { role: logwatch, tags: "logwatch", when: production }
|
||||||
|
- { role: bash_screen_wall, tags: "bash_screen_wall", when: production }
|
||||||
|
- { role: frappe_selinux, tags: "frappe_selinux", when: production }
|
||||||
|
- { role: dns_caching, tags: "dns_caching", when: production }
|
||||||
|
- { role: ntpd, tags: "ntpd", when: production }
|
||||||
|
- { role: mariadb, tags: "mariadb" }
|
||||||
|
- { role: wkhtmltopdf, tags: "wkhtmltopdf" }
|
||||||
|
- { role: nodejs, tags: "nodejs" }
|
||||||
|
- { role: psutil, tags: "psutil" }
|
||||||
|
- { role: nginx, tags: "nginx", when: production }
|
||||||
|
- { role: fail2ban, tags: "fail2ban" , when: production }
|
||||||
|
tasks:
|
||||||
|
- name: Set hostname
|
||||||
|
hostname: name='{{ hostname }}'
|
||||||
|
when: hostname is defined and production
|
||||||
|
|
||||||
|
- name: Start NTPD
|
||||||
|
service: name=ntpd state=started
|
||||||
|
when: ansible_distribution == 'CentOS' and production
|
||||||
|
|
||||||
|
- name: Start NTPD
|
||||||
|
service: name=ntp state=started
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production
|
@ -0,0 +1,8 @@
|
|||||||
|
if [ $TERM != 'screen' ]
|
||||||
|
then
|
||||||
|
PS1='HEY! USE SCREEN '$PS1
|
||||||
|
fi
|
||||||
|
|
||||||
|
sw() {
|
||||||
|
screen -x $1 || screen -S $1
|
||||||
|
}
|
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
- name: Setup bash screen wall
|
||||||
|
copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh
|
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
- name: restart network manager
|
||||||
|
service: name=NetworkManager state=restarted
|
20
playbooks/prerequisites/roles/dns_caching/tasks/main.yml
Normal file
20
playbooks/prerequisites/roles/dns_caching/tasks/main.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
- name: check NetworkManager.conf exists
|
||||||
|
stat:
|
||||||
|
path: /etc/NetworkManager/NetworkManager.conf
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: unmask NetworkManager service
|
||||||
|
command: systemctl unmask NetworkManager
|
||||||
|
when: result.stat.exists
|
||||||
|
|
||||||
|
- name: add dnsmasq to network config
|
||||||
|
lineinfile: >
|
||||||
|
dest=/etc/NetworkManager/NetworkManager.conf
|
||||||
|
regexp="dns="
|
||||||
|
line="dns=dnsmasq"
|
||||||
|
state=present
|
||||||
|
when: result.stat.exists
|
||||||
|
notify:
|
||||||
|
- restart network manager
|
||||||
|
|
2
playbooks/prerequisites/roles/fail2ban/defaults/main.yml
Normal file
2
playbooks/prerequisites/roles/fail2ban/defaults/main.yml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
---
|
||||||
|
fail2ban_nginx_access_log: /var/log/nginx/access.log
|
3
playbooks/prerequisites/roles/fail2ban/handlers/main.yml
Normal file
3
playbooks/prerequisites/roles/fail2ban/handlers/main.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
- name: restart fail2ban
|
||||||
|
service: name=fail2ban state=restarted
|
28
playbooks/prerequisites/roles/fail2ban/tasks/main.yml
Normal file
28
playbooks/prerequisites/roles/fail2ban/tasks/main.yml
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
---
|
||||||
|
- name: Install fail2ban
|
||||||
|
yum: name=fail2ban state=present
|
||||||
|
when: ansible_distribution == 'CentOS'
|
||||||
|
|
||||||
|
- name: Install fail2ban
|
||||||
|
apt: name=fail2ban state=present
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
- name: Enable fail2ban
|
||||||
|
service: name=fail2ban enabled=yes
|
||||||
|
|
||||||
|
- name: Create jail.d
|
||||||
|
file: path=/etc/fail2ban/jail.d state=directory
|
||||||
|
|
||||||
|
- name: Setup filters
|
||||||
|
template: src="{{item}}-filter.conf.j2" dest="/etc/fail2ban/filter.d/{{item}}.conf"
|
||||||
|
with_items:
|
||||||
|
- nginx-proxy
|
||||||
|
notify:
|
||||||
|
- restart fail2ban
|
||||||
|
|
||||||
|
- name: setup jails
|
||||||
|
template: src="{{item}}-jail.conf.j2" dest="/etc/fail2ban/jail.d/{{item}}.conf"
|
||||||
|
with_items:
|
||||||
|
- nginx-proxy
|
||||||
|
notify:
|
||||||
|
- restart fail2ban
|
@ -0,0 +1,10 @@
|
|||||||
|
# Block IPs trying to use server as proxy.
|
||||||
|
[Definition]
|
||||||
|
failregex = <HOST>.*\" 400
|
||||||
|
<HOST>.*"[A-Z]* /(cms|muieblackcat|db|cpcommerce|cgi-bin|wp-login|joomla|awstatstotals|wp-content|wp-includes|pma|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|pmadb|phpmyadmin1|phpmyadmin2).*" 4[\d][\d]
|
||||||
|
<HOST>.*".*supports_implicit_sdk_logging.*" 4[\d][\d]
|
||||||
|
<HOST>.*".*activities?advertiser_tracking_enabled.*" 4[\d][\d]
|
||||||
|
<HOST>.*".*/picture?type=normal.*" 4[\d][\d]
|
||||||
|
<HOST>.*".*/announce.php?info_hash=.*" 4[\d][\d]
|
||||||
|
|
||||||
|
ignoreregex =
|
@ -0,0 +1,8 @@
|
|||||||
|
## block hosts trying to abuse our server as a forward proxy
|
||||||
|
[nginx-proxy]
|
||||||
|
enabled = true
|
||||||
|
filter = nginx-proxy
|
||||||
|
logpath = {{ fail2ban_nginx_access_log }}
|
||||||
|
action = iptables-multiport[name=NoNginxProxy, port="http,https"]
|
||||||
|
maxretry = 2
|
||||||
|
bantime = 86400
|
31
playbooks/prerequisites/roles/frappe_selinux/tasks/main.yml
Normal file
31
playbooks/prerequisites/roles/frappe_selinux/tasks/main.yml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
---
|
||||||
|
- name: Install deps
|
||||||
|
yum: name="{{item}}" state=present
|
||||||
|
with_items:
|
||||||
|
- policycoreutils-python
|
||||||
|
- selinux-policy-devel
|
||||||
|
when: ansible_distribution == 'CentOS'
|
||||||
|
|
||||||
|
# - name: Install SELinux for Ubuntu
|
||||||
|
# apt: name={{ item }} state=present
|
||||||
|
# with_items:
|
||||||
|
# - selinux
|
||||||
|
# - selinux-policy-dev
|
||||||
|
# when: ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
- name: Check enabled SELinux modules
|
||||||
|
shell: semanage module -l
|
||||||
|
register: enabled_modules
|
||||||
|
when: ansible_distribution == 'CentOS'
|
||||||
|
|
||||||
|
- name: Copy frappe_selinux policy
|
||||||
|
copy: src=frappe_selinux.te dest=/root/frappe_selinux.te
|
||||||
|
register: dest_frappe_selinux_te
|
||||||
|
when: ansible_distribution == 'CentOS'
|
||||||
|
|
||||||
|
- name: Compile frappe_selinux policy
|
||||||
|
shell: "make -f /usr/share/selinux/devel/Makefile frappe_selinux.pp && semodule -i frappe_selinux.pp"
|
||||||
|
args:
|
||||||
|
chdir: /root/
|
||||||
|
when: "ansible_distribution == 'CentOS' and enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"
|
||||||
|
|
2
playbooks/prerequisites/roles/locale/defaults/main.yml
Normal file
2
playbooks/prerequisites/roles/locale/defaults/main.yml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
locale_keymap: us
|
||||||
|
locale_lang: en_US.utf8
|
20
playbooks/prerequisites/roles/locale/tasks/main.yml
Normal file
20
playbooks/prerequisites/roles/locale/tasks/main.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
- name: Check current locale
|
||||||
|
shell: localectl
|
||||||
|
register: locale_test
|
||||||
|
when: ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
- name: Set Locale
|
||||||
|
command: "localectl set-locale LANG={{ locale_lang }}"
|
||||||
|
when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG={{ locale_lang }}') == -1
|
||||||
|
|
||||||
|
- name: Set keymap
|
||||||
|
command: "localectl set-keymap {{ locale_keymap }}"
|
||||||
|
when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap: {{locale_keymap}}') == -1"
|
||||||
|
|
||||||
|
- name: Set Locale as en_US
|
||||||
|
lineinfile: dest=/etc/environment backup=yes line="{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- "LC_ALL=en_US.UTF-8"
|
||||||
|
- "LC_CTYPE=en_US.UTF-8"
|
||||||
|
- "LANG=en_US.UTF-8"
|
3
playbooks/prerequisites/roles/logwatch/defaults/main.yml
Normal file
3
playbooks/prerequisites/roles/logwatch/defaults/main.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
logwatch_emails: "{{ admin_emails }}"
|
||||||
|
logwatch_detail: High
|
12
playbooks/prerequisites/roles/logwatch/tasks/main.yml
Normal file
12
playbooks/prerequisites/roles/logwatch/tasks/main.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
- name: Install logwatch
|
||||||
|
yum: name=logwatch state=present
|
||||||
|
when: ansible_distribution == 'CentOS'
|
||||||
|
|
||||||
|
- name: Install logwatch on Ubuntu or Debian
|
||||||
|
apt: name=logwatch state=present
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
- name: Copy logwatch config
|
||||||
|
template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes
|
||||||
|
when: admin_emails is defined
|
@ -0,0 +1,2 @@
|
|||||||
|
MailTo = {{ logwatch_emails }}
|
||||||
|
Detail = {{ logwatch_detail }}
|
64
playbooks/prerequisites/roles/mariadb/README.md
Normal file
64
playbooks/prerequisites/roles/mariadb/README.md
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
# Ansible Role: MariaDB
|
||||||
|
|
||||||
|
Installs MariaDB
|
||||||
|
|
||||||
|
## Supported platforms
|
||||||
|
|
||||||
|
```
|
||||||
|
CentOS 6 & 7
|
||||||
|
Ubuntu 14.04
|
||||||
|
```
|
||||||
|
|
||||||
|
## Post install
|
||||||
|
|
||||||
|
Run `mysql_secure_installation`
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
None
|
||||||
|
|
||||||
|
## Role Variables
|
||||||
|
|
||||||
|
MariaDB version:
|
||||||
|
|
||||||
|
```
|
||||||
|
mariadb_version: 10.0
|
||||||
|
```
|
||||||
|
|
||||||
|
Configuration template:
|
||||||
|
|
||||||
|
```
|
||||||
|
mysql_conf_tpl: change_me
|
||||||
|
```
|
||||||
|
|
||||||
|
Configuration filename:
|
||||||
|
|
||||||
|
```
|
||||||
|
mysql_conf_file: settings.cnf
|
||||||
|
```
|
||||||
|
|
||||||
|
### Experimental unattended mysql_secure_installation
|
||||||
|
|
||||||
|
```
|
||||||
|
ansible-playbook release.yml --extra-vars "mysql_secure_installation=true mysql_root_password=your_very_secret_password"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Dependencies
|
||||||
|
|
||||||
|
None
|
||||||
|
|
||||||
|
## Example Playbook
|
||||||
|
|
||||||
|
```
|
||||||
|
- hosts: servers
|
||||||
|
roles:
|
||||||
|
- { role: pcextreme.mariadb }
|
||||||
|
```
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
MIT / BSD
|
||||||
|
|
||||||
|
## Author Information
|
||||||
|
|
||||||
|
Created by [Attila van der Velde](https://github.com/vdvm)
|
7
playbooks/prerequisites/roles/mariadb/defaults/main.yml
Normal file
7
playbooks/prerequisites/roles/mariadb/defaults/main.yml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
mariadb_version: 10.0
|
||||||
|
|
||||||
|
mysql_conf_tpl: change_me
|
||||||
|
mysql_conf_file: settings.cnf
|
||||||
|
|
||||||
|
mysql_secure_installation: false
|
3
playbooks/prerequisites/roles/mariadb/handlers/main.yml
Normal file
3
playbooks/prerequisites/roles/mariadb/handlers/main.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
- name: restart mysql
|
||||||
|
service: name=mysql state=restarted
|
19
playbooks/prerequisites/roles/mariadb/meta/main.yml
Normal file
19
playbooks/prerequisites/roles/mariadb/meta/main.yml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
galaxy_info:
|
||||||
|
author: "Attila van der Velde"
|
||||||
|
description: "Installs MariaDB"
|
||||||
|
company: "PCextreme B.V."
|
||||||
|
license: "license (MIT, BSD)"
|
||||||
|
min_ansible_version: 1.8
|
||||||
|
platforms:
|
||||||
|
- name: EL
|
||||||
|
versions:
|
||||||
|
- 6
|
||||||
|
- 7
|
||||||
|
- name: Ubuntu
|
||||||
|
versions:
|
||||||
|
- trusty
|
||||||
|
categories:
|
||||||
|
- database:sql
|
||||||
|
|
||||||
|
dependencies: []
|
12
playbooks/prerequisites/roles/mariadb/tasks/centos.yml
Normal file
12
playbooks/prerequisites/roles/mariadb/tasks/centos.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
- name: Add repo file
|
||||||
|
template: src=mariadb_centos.repo.j2 dest=/etc/yum.repos.d/mariadb.repo owner=root group=root mode=0644
|
||||||
|
|
||||||
|
- name: Install MariaDB
|
||||||
|
yum: name={{ item }} enablerepo=mariadb state=present
|
||||||
|
with_items:
|
||||||
|
- MariaDB-server
|
||||||
|
- MariaDB-client
|
||||||
|
- MySQL-python
|
||||||
|
- MariaDB-devel
|
||||||
|
|
25
playbooks/prerequisites/roles/mariadb/tasks/debian.yml
Normal file
25
playbooks/prerequisites/roles/mariadb/tasks/debian.yml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
- name: Add apt key for mariadb for Debian <= 8
|
||||||
|
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xcbcb082a1bb943db state=present
|
||||||
|
when: ansible_distribution_major_version | version_compare('8', 'le')
|
||||||
|
|
||||||
|
- name: Add apt key for mariadb for Debian > 8
|
||||||
|
apt_key: keyserver=hkp://keyserver.ubuntu.com:80 id=0xF1656F24C74CD1D8 state=present
|
||||||
|
when: ansible_distribution_major_version | version_compare('8', 'gt')
|
||||||
|
|
||||||
|
- name: Add apt repository
|
||||||
|
apt_repository:
|
||||||
|
repo: 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/debian {{ ansible_distribution_release }} main'
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Unattended package installation
|
||||||
|
shell: export DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
|
- name: apt-get install
|
||||||
|
apt: pkg={{ item }} update_cache=yes state=present
|
||||||
|
with_items:
|
||||||
|
- mariadb-server
|
||||||
|
- mariadb-client
|
||||||
|
- mariadb-common
|
||||||
|
- libmariadbclient-dev
|
||||||
|
- python-mysqldb
|
31
playbooks/prerequisites/roles/mariadb/tasks/main.yml
Normal file
31
playbooks/prerequisites/roles/mariadb/tasks/main.yml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
---
|
||||||
|
- include: centos.yml
|
||||||
|
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 6
|
||||||
|
|
||||||
|
- include: ubuntu.yml
|
||||||
|
when: ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
- name: Add configuration
|
||||||
|
template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
|
||||||
|
when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian'
|
||||||
|
notify: restart mysql
|
||||||
|
|
||||||
|
- include: debian.yml
|
||||||
|
when: ansible_distribution == 'Debian'
|
||||||
|
|
||||||
|
- name: Add configuration
|
||||||
|
template: src=files/debian_mariadb_config.cnf dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
|
||||||
|
when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian'
|
||||||
|
notify: restart mysql
|
||||||
|
|
||||||
|
- name: Start and enable service
|
||||||
|
service: name=mysql state=started enabled=yes
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
msg: "{{ mysql_root_password }}"
|
||||||
|
|
||||||
|
- include: mysql_secure_installation.yml
|
||||||
|
when: mysql_root_password is defined
|
||||||
|
|
||||||
|
- debug: var=mysql_secure_installation
|
||||||
|
when: mysql_secure_installation and mysql_root_password is defined
|
@ -0,0 +1,82 @@
|
|||||||
|
---
|
||||||
|
# Set root password
|
||||||
|
# UPDATE mysql.user SET Password=PASSWORD('mysecret') WHERE User='root';
|
||||||
|
# FLUSH PRIVILEGES;
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
msg: "{{ mysql_root_password }}"
|
||||||
|
|
||||||
|
- name: Set root Password
|
||||||
|
mysql_user: name=root host={{ item }} password={{ mysql_root_password }} state=present
|
||||||
|
with_items:
|
||||||
|
- localhost
|
||||||
|
ignore_errors: yes
|
||||||
|
|
||||||
|
- name: Add .my.cnf
|
||||||
|
template: src=my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600
|
||||||
|
|
||||||
|
- name: display .my.cnf
|
||||||
|
command: cat /root/.my.cnf
|
||||||
|
register: details
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
msg: "{{ details.stdout_lines }}"
|
||||||
|
|
||||||
|
- name: Set root Password
|
||||||
|
mysql_user: name=root host={{ item }} password={{ mysql_root_password }} state=present
|
||||||
|
with_items:
|
||||||
|
- 127.0.0.1
|
||||||
|
- ::1
|
||||||
|
when: run_travis is not defined
|
||||||
|
|
||||||
|
- name: Reload privilege tables
|
||||||
|
command: 'mysql -ne "{{ item }}"'
|
||||||
|
with_items:
|
||||||
|
- FLUSH PRIVILEGES
|
||||||
|
changed_when: False
|
||||||
|
when: run_travis is not defined
|
||||||
|
|
||||||
|
- name: Remove anonymous users
|
||||||
|
command: 'mysql -ne "{{ item }}"'
|
||||||
|
with_items:
|
||||||
|
- DELETE FROM mysql.user WHERE User=''
|
||||||
|
changed_when: False
|
||||||
|
when: run_travis is not defined
|
||||||
|
|
||||||
|
- name: Disallow root login remotely
|
||||||
|
command: 'mysql -ne "{{ item }}"'
|
||||||
|
with_items:
|
||||||
|
- DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
|
||||||
|
changed_when: False
|
||||||
|
when: run_travis is not defined
|
||||||
|
|
||||||
|
- name: Remove test database and access to it
|
||||||
|
command: 'mysql -ne "{{ item }}"'
|
||||||
|
with_items:
|
||||||
|
- DROP DATABASE if exists test
|
||||||
|
- DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'
|
||||||
|
changed_when: False
|
||||||
|
when: run_travis is not defined
|
||||||
|
|
||||||
|
- name: Reload privilege tables
|
||||||
|
command: 'mysql -ne "{{ item }}"'
|
||||||
|
with_items:
|
||||||
|
- FLUSH PRIVILEGES
|
||||||
|
changed_when: False
|
||||||
|
when: run_travis is not defined
|
||||||
|
|
||||||
|
- name: add launchagents folder mac
|
||||||
|
file: path=~/Library/LaunchAgents state=directory
|
||||||
|
when: ansible_distribution == 'MacOSX'
|
||||||
|
|
||||||
|
- name: add mysql to mac startup
|
||||||
|
file: src=/usr/local/opt/mariadb/homebrew.mxcl.mariadb.plist path=~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist state=link force=yes
|
||||||
|
when: ansible_distribution == 'MacOSX'
|
||||||
|
|
||||||
|
- name: stop mysql mac
|
||||||
|
command: launchctl unload ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
|
||||||
|
when: ansible_distribution == 'MacOSX'
|
||||||
|
|
||||||
|
- name: start mysql mac
|
||||||
|
command: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
|
||||||
|
when: ansible_distribution == 'MacOSX'
|
31
playbooks/prerequisites/roles/mariadb/tasks/ubuntu.yml
Normal file
31
playbooks/prerequisites/roles/mariadb/tasks/ubuntu.yml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
---
|
||||||
|
- name: Add repo file
|
||||||
|
template: src=mariadb_ubuntu.list.j2 dest=/etc/apt/sources.list.d/mariadb.list owner=root group=root mode=0644
|
||||||
|
register: mariadb_list
|
||||||
|
|
||||||
|
- name: Add repo key
|
||||||
|
apt_key: id=1BB943DB url=http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xCBCB082A1BB943DB state=present
|
||||||
|
register: mariadb_key
|
||||||
|
when: ansible_distribution_version | version_compare('16.04', 'lt')
|
||||||
|
|
||||||
|
- name: Add apt key for mariadb for Ubuntu >= 16.04
|
||||||
|
apt_key: id=C74CD1D8 url=http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xF1656F24C74CD1D8 state=present
|
||||||
|
register: mariadb_key
|
||||||
|
when: ansible_distribution_version | version_compare('16.04', 'ge')
|
||||||
|
|
||||||
|
- name: Update apt cache
|
||||||
|
apt: update_cache=yes
|
||||||
|
when: mariadb_list.changed == True or mariadb_key.changed == True
|
||||||
|
|
||||||
|
- name: Unattended package installation
|
||||||
|
shell: export DEBIAN_FRONTEND=noninteractive
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Install MariaDB
|
||||||
|
apt: pkg={{ item }} state=present
|
||||||
|
with_items:
|
||||||
|
- mariadb-server
|
||||||
|
- mariadb-client
|
||||||
|
- mariadb-common
|
||||||
|
- libmariadbclient-dev
|
||||||
|
- python-mysqldb
|
@ -0,0 +1,7 @@
|
|||||||
|
# MariaDB CentOS {{ ansible_distribution_major_version|int }} repository list
|
||||||
|
# http://mariadb.org/mariadb/repositories/
|
||||||
|
[mariadb]
|
||||||
|
name = MariaDB
|
||||||
|
baseurl = http://yum.mariadb.org/{{ mariadb_version }}/centos{{ ansible_distribution_major_version|int }}-amd64
|
||||||
|
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
|
||||||
|
gpgcheck=1
|
@ -0,0 +1,4 @@
|
|||||||
|
# MariaDB Ubuntu {{ ansible_distribution_release | title }} repository list
|
||||||
|
# http://mariadb.org/mariadb/repositories/
|
||||||
|
deb http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/ubuntu {{ ansible_distribution_release | lower }} main
|
||||||
|
deb-src http://ams2.mirrors.digitalocean.com/mariadb/repo/{{ mariadb_version }}/ubuntu {{ ansible_distribution_release | lower }} main
|
@ -0,0 +1,3 @@
|
|||||||
|
[client]
|
||||||
|
user=root
|
||||||
|
password={{ mysql_root_password }}
|
6
playbooks/prerequisites/roles/mariadb/vars/main.yml
Normal file
6
playbooks/prerequisites/roles/mariadb/vars/main.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
mysql_conf_dir:
|
||||||
|
"CentOS": /etc/my.cnf.d
|
||||||
|
"Ubuntu": /etc/mysql/conf.d
|
||||||
|
"Debian": /etc/mysql/conf.d
|
||||||
|
"MacOSX": /usr/local/etc/my.cnf.d
|
35
playbooks/prerequisites/roles/nginx/.travis.yml
Normal file
35
playbooks/prerequisites/roles/nginx/.travis.yml
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
---
|
||||||
|
language: python
|
||||||
|
python: "2.7"
|
||||||
|
|
||||||
|
env:
|
||||||
|
- SITE=test.yml
|
||||||
|
|
||||||
|
before_install:
|
||||||
|
- sudo apt-get update -qq
|
||||||
|
- sudo apt-get install -y curl
|
||||||
|
|
||||||
|
install:
|
||||||
|
# Install Ansible.
|
||||||
|
- pip install ansible
|
||||||
|
|
||||||
|
# Add ansible.cfg to pick up roles path.
|
||||||
|
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
|
||||||
|
|
||||||
|
script:
|
||||||
|
# Check the role/playbook's syntax.
|
||||||
|
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
|
||||||
|
|
||||||
|
# Run the role/playbook with ansible-playbook.
|
||||||
|
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
|
||||||
|
|
||||||
|
# Run the role/playbook again, checking to make sure it's idempotent.
|
||||||
|
- >
|
||||||
|
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
|
||||||
|
| grep -q 'changed=0.*failed=0'
|
||||||
|
&& (echo 'Idempotence test: pass' && exit 0)
|
||||||
|
|| (echo 'Idempotence test: fail' && exit 1)
|
||||||
|
|
||||||
|
# TODO - get the test working. Probably need to add a virtual host.
|
||||||
|
# Request a page via Nginx, to make sure Nginx is running and responds.
|
||||||
|
# - "curl http://localhost/"
|
82
playbooks/prerequisites/roles/nginx/README.md
Normal file
82
playbooks/prerequisites/roles/nginx/README.md
Normal file
@ -0,0 +1,82 @@
|
|||||||
|
# Ansible Role: Nginx
|
||||||
|
|
||||||
|
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx)
|
||||||
|
|
||||||
|
Installs Nginx on RedHat/CentOS or Debian/Ubuntu linux servers.
|
||||||
|
|
||||||
|
This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website.
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
None.
|
||||||
|
|
||||||
|
## Role Variables
|
||||||
|
|
||||||
|
Available variables are listed below, along with default values (see `defaults/main.yml`):
|
||||||
|
|
||||||
|
nginx_vhosts: []
|
||||||
|
|
||||||
|
A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`.
|
||||||
|
|
||||||
|
nginx_remove_default_vhost: false
|
||||||
|
|
||||||
|
Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file.
|
||||||
|
|
||||||
|
nginx_upstreams: []
|
||||||
|
|
||||||
|
If you are configuring Nginx as a load balancer, you can define one or more upstream sets using this variable. In addition to defining at least one upstream, you would need to configure one of your server blocks to proxy requests through the defined upstream (e.g. `proxy_pass http://myapp1;`). See the commented example in `defaults/main.yml` for more information.
|
||||||
|
|
||||||
|
nginx_user: "nginx"
|
||||||
|
|
||||||
|
The user under which Nginx will run. Defaults to `nginx` for RedHat, and `www-data` for Debian.
|
||||||
|
|
||||||
|
nginx_worker_processes: "1"
|
||||||
|
nginx_worker_connections: "1024"
|
||||||
|
|
||||||
|
`nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!).
|
||||||
|
|
||||||
|
nginx_error_log: "/var/log/nginx/error.log warn"
|
||||||
|
nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
|
||||||
|
|
||||||
|
Configuration of the default error and access logs. Set to `off` to disable a log entirely.
|
||||||
|
|
||||||
|
nginx_sendfile: "on"
|
||||||
|
nginx_tcp_nopush: "on"
|
||||||
|
nginx_tcp_nodelay: "on"
|
||||||
|
|
||||||
|
TCP connection options. See [this blog post](https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html) for more information on these directives.
|
||||||
|
|
||||||
|
nginx_keepalive_timeout: "65"
|
||||||
|
nginx_keepalive_requests: "100"
|
||||||
|
|
||||||
|
Nginx keepalive settings. Timeout should be set higher (10s+) if you have more polling-style traffic (AJAX-powered sites especially), or lower (<10s) if you have a site where most users visit a few pages and don't send any further requests.
|
||||||
|
|
||||||
|
nginx_client_max_body_size: "64m"
|
||||||
|
|
||||||
|
This value determines the largest file upload possible, as uploads are passed through Nginx before hitting a backend like `php-fpm`. If you get an error like `client intended to send too large body`, it means this value is set too low.
|
||||||
|
|
||||||
|
nginx_proxy_cache_path: ""
|
||||||
|
|
||||||
|
Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations).
|
||||||
|
|
||||||
|
nginx_default_release: ""
|
||||||
|
|
||||||
|
(For Debian/Ubuntu only) Allows you to set a different repository for the installation of Nginx. As an example, if you are running Debian's wheezy release, and want to get a newer version of Nginx, you can install the `wheezy-backports` repository and set that value here, and Ansible will use that as the `-t` option while installing Nginx.
|
||||||
|
|
||||||
|
## Dependencies
|
||||||
|
|
||||||
|
None.
|
||||||
|
|
||||||
|
## Example Playbook
|
||||||
|
|
||||||
|
- hosts: server
|
||||||
|
roles:
|
||||||
|
- { role: geerlingguy.nginx }
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
MIT / BSD
|
||||||
|
|
||||||
|
## Author Information
|
||||||
|
|
||||||
|
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).
|
48
playbooks/prerequisites/roles/nginx/defaults/main.yml
Normal file
48
playbooks/prerequisites/roles/nginx/defaults/main.yml
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
---
|
||||||
|
# Used only for Debian/Ubuntu installation, as the -t option for apt.
|
||||||
|
nginx_default_release: ""
|
||||||
|
|
||||||
|
nginx_worker_processes: "1"
|
||||||
|
nginx_worker_connections: "1024"
|
||||||
|
|
||||||
|
nginx_error_log: "/var/log/nginx/error.log warn"
|
||||||
|
nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
|
||||||
|
|
||||||
|
nginx_sendfile: "on"
|
||||||
|
nginx_tcp_nopush: "on"
|
||||||
|
nginx_tcp_nodelay: "on"
|
||||||
|
|
||||||
|
nginx_keepalive_timeout: "65"
|
||||||
|
nginx_keepalive_requests: "100"
|
||||||
|
|
||||||
|
nginx_client_max_body_size: "64m"
|
||||||
|
|
||||||
|
nginx_proxy_cache_path: ""
|
||||||
|
|
||||||
|
nginx_remove_default_vhost: false
|
||||||
|
nginx_vhosts: []
|
||||||
|
# Example vhost below, showing all available options:
|
||||||
|
# - {
|
||||||
|
# listen: "80 default_server", # default: "80 default_server"
|
||||||
|
# server_name: "example.com", # default: N/A
|
||||||
|
# root: "/var/www/example.com", # default: N/A
|
||||||
|
# index: "index.html index.htm", # default: "index.html index.htm"
|
||||||
|
#
|
||||||
|
# # Properties that are only added if defined:
|
||||||
|
# error_page: "",
|
||||||
|
# access_log: "",
|
||||||
|
# extra_config: "" # Can be used to add extra config blocks (multiline).
|
||||||
|
# }
|
||||||
|
|
||||||
|
nginx_upstreams: []
|
||||||
|
# - {
|
||||||
|
# name: myapp1,
|
||||||
|
# strategy: "ip_hash", # "least_conn", etc.
|
||||||
|
# servers: {
|
||||||
|
# "srv1.example.com",
|
||||||
|
# "srv2.example.com weight=3",
|
||||||
|
# "srv3.example.com"
|
||||||
|
# }
|
||||||
|
# }
|
||||||
|
nginx_conf_file: nginx.conf.j2
|
||||||
|
setup_www_redirect: false
|
3
playbooks/prerequisites/roles/nginx/handlers/main.yml
Normal file
3
playbooks/prerequisites/roles/nginx/handlers/main.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
- name: restart nginx
|
||||||
|
service: name=nginx state=restarted
|
23
playbooks/prerequisites/roles/nginx/meta/main.yml
Normal file
23
playbooks/prerequisites/roles/nginx/meta/main.yml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
dependencies: []
|
||||||
|
|
||||||
|
galaxy_info:
|
||||||
|
author: geerlingguy
|
||||||
|
description: Nginx installation for Linux/UNIX.
|
||||||
|
company: "Midwestern Mac, LLC"
|
||||||
|
license: "license (BSD, MIT)"
|
||||||
|
min_ansible_version: 1.4
|
||||||
|
platforms:
|
||||||
|
- name: EL
|
||||||
|
versions:
|
||||||
|
- 6
|
||||||
|
- 7
|
||||||
|
- name: Debian
|
||||||
|
versions:
|
||||||
|
- all
|
||||||
|
- name: Ubuntu
|
||||||
|
versions:
|
||||||
|
- all
|
||||||
|
categories:
|
||||||
|
- development
|
||||||
|
- web
|
46
playbooks/prerequisites/roles/nginx/tasks/main.yml
Normal file
46
playbooks/prerequisites/roles/nginx/tasks/main.yml
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
---
|
||||||
|
# Variable setup.
|
||||||
|
- name: Include OS-specific variables.
|
||||||
|
include_vars: "{{ ansible_os_family }}.yml"
|
||||||
|
|
||||||
|
- name: Define nginx_user.
|
||||||
|
set_fact:
|
||||||
|
nginx_user: "{{ __nginx_user }}"
|
||||||
|
when: nginx_user is not defined
|
||||||
|
|
||||||
|
# Setup/install tasks.
|
||||||
|
- include: setup-RedHat.yml
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
|
- include: setup-Debian.yml
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
|
# Replace default nginx config with nginx template
|
||||||
|
- name: Rename default nginx.conf to nginx.conf.old
|
||||||
|
command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
|
# Nginx setup.
|
||||||
|
- name: Copy nginx configuration in place.
|
||||||
|
template:
|
||||||
|
src: "{{ nginx_conf_file }}"
|
||||||
|
dest: /etc/nginx/nginx.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: restart nginx
|
||||||
|
|
||||||
|
- name: Setup www redirect
|
||||||
|
template:
|
||||||
|
src: ../files/www_redirect.conf
|
||||||
|
dest: /etc/nginx/conf.d/
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: restart nginx
|
||||||
|
when: setup_www_redirect
|
||||||
|
|
||||||
|
- name: Ensure nginx is started and enabled to start at boot.
|
||||||
|
service: name=nginx state=started enabled=yes
|
||||||
|
|
||||||
|
- include: vhosts.yml
|
18
playbooks/prerequisites/roles/nginx/tasks/setup-Debian.yml
Normal file
18
playbooks/prerequisites/roles/nginx/tasks/setup-Debian.yml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
- name: Add nginx apt repository key for Debian < 8
|
||||||
|
apt_key:
|
||||||
|
url: http://nginx.org/keys/nginx_signing.key
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
|
||||||
|
|
||||||
|
- name: Add nginx apt repository for Debian < 8
|
||||||
|
apt_repository:
|
||||||
|
repo: 'deb [arch=amd64,i386] http://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx'
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
|
||||||
|
|
||||||
|
- name: Ensure nginx is installed.
|
||||||
|
apt:
|
||||||
|
pkg: nginx
|
||||||
|
state: installed
|
||||||
|
default_release: "{{ nginx_default_release }}"
|
11
playbooks/prerequisites/roles/nginx/tasks/setup-RedHat.yml
Normal file
11
playbooks/prerequisites/roles/nginx/tasks/setup-RedHat.yml
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
- name: Enable nginx repo.
|
||||||
|
template:
|
||||||
|
src: nginx.repo.j2
|
||||||
|
dest: /etc/yum.repos.d/nginx.repo
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Ensure nginx is installed.
|
||||||
|
yum: pkg=nginx state=installed enablerepo=nginx
|
22
playbooks/prerequisites/roles/nginx/tasks/vhosts.yml
Normal file
22
playbooks/prerequisites/roles/nginx/tasks/vhosts.yml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
---
|
||||||
|
- name: Remove default nginx vhost config file (if configured).
|
||||||
|
file:
|
||||||
|
path: "{{ nginx_default_vhost_path }}"
|
||||||
|
state: absent
|
||||||
|
when: nginx_remove_default_vhost
|
||||||
|
notify: restart nginx
|
||||||
|
|
||||||
|
- name: Add managed vhost config file (if any vhosts are configured).
|
||||||
|
template:
|
||||||
|
src: vhosts.j2
|
||||||
|
dest: "{{ nginx_vhost_path }}/vhosts.conf"
|
||||||
|
mode: 0644
|
||||||
|
when: nginx_vhosts
|
||||||
|
notify: restart nginx
|
||||||
|
|
||||||
|
- name: Remove managed vhost config file (if no vhosts are configured).
|
||||||
|
file:
|
||||||
|
path: "{{ nginx_vhost_path }}/vhosts.conf"
|
||||||
|
state: absent
|
||||||
|
when: not nginx_vhosts
|
||||||
|
notify: restart nginx
|
51
playbooks/prerequisites/roles/nginx/templates/nginx.conf.j2
Normal file
51
playbooks/prerequisites/roles/nginx/templates/nginx.conf.j2
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
user {{ nginx_user }};
|
||||||
|
|
||||||
|
error_log {{ nginx_error_log }};
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
|
|
||||||
|
worker_processes {{ nginx_worker_processes }};
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections {{ nginx_worker_connections }};
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
server_names_hash_bucket_size 64;
|
||||||
|
|
||||||
|
client_max_body_size {{ nginx_client_max_body_size }};
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log {{ nginx_access_log }};
|
||||||
|
|
||||||
|
sendfile {{ nginx_sendfile }};
|
||||||
|
tcp_nopush {{ nginx_tcp_nopush }};
|
||||||
|
tcp_nodelay {{ nginx_tcp_nodelay }};
|
||||||
|
|
||||||
|
keepalive_timeout {{ nginx_keepalive_timeout }};
|
||||||
|
keepalive_requests {{ nginx_keepalive_requests }};
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
|
||||||
|
{% if nginx_proxy_cache_path %}
|
||||||
|
proxy_cache_path {{ nginx_proxy_cache_path }};
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% for upstream in nginx_upstreams %}
|
||||||
|
upstream {{ upstream.name }} {
|
||||||
|
{% if upstream.strategy is defined %}
|
||||||
|
{{ upstream.strategy }};
|
||||||
|
{% endif %}
|
||||||
|
{% for server in upstream.servers %}
|
||||||
|
server {{ server }};
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
include {{ nginx_vhost_path }}/*;
|
||||||
|
}
|
@ -0,0 +1,5 @@
|
|||||||
|
[nginx]
|
||||||
|
name=nginx repo
|
||||||
|
baseurl=http://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/
|
||||||
|
gpgcheck=0
|
||||||
|
enabled=1
|
24
playbooks/prerequisites/roles/nginx/templates/vhosts.j2
Normal file
24
playbooks/prerequisites/roles/nginx/templates/vhosts.j2
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
{% for vhost in nginx_vhosts %}
|
||||||
|
server {
|
||||||
|
listen {{ vhost.listen | default('80 default_server') }};
|
||||||
|
server_name {{ vhost.server_name }};
|
||||||
|
|
||||||
|
root {{ vhost.root }};
|
||||||
|
index {{ vhost.index | default('index.html index.htm') }};
|
||||||
|
|
||||||
|
{% if vhost.error_page is defined %}
|
||||||
|
error_page {{ vhost.error_page }};
|
||||||
|
{% endif %}
|
||||||
|
{% if vhost.access_log is defined %}
|
||||||
|
access_log {{ vhost.access_log }};
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if vhost.return is defined %}
|
||||||
|
return {{ vhost.return }};
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if vhost.extra_parameters is defined %}
|
||||||
|
{{ vhost.extra_parameters }};
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
{% endfor %}
|
1
playbooks/prerequisites/roles/nginx/tests/inventory
Normal file
1
playbooks/prerequisites/roles/nginx/tests/inventory
Normal file
@ -0,0 +1 @@
|
|||||||
|
localhost
|
5
playbooks/prerequisites/roles/nginx/tests/test.yml
Normal file
5
playbooks/prerequisites/roles/nginx/tests/test.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
- hosts: localhost
|
||||||
|
remote_user: root
|
||||||
|
roles:
|
||||||
|
- ansible-role-nginx
|
4
playbooks/prerequisites/roles/nginx/vars/Debian.yml
Normal file
4
playbooks/prerequisites/roles/nginx/vars/Debian.yml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
nginx_vhost_path: /etc/nginx/sites-enabled
|
||||||
|
nginx_default_vhost_path: /etc/nginx/sites-enabled/default
|
||||||
|
__nginx_user: "www-data"
|
4
playbooks/prerequisites/roles/nginx/vars/RedHat.yml
Normal file
4
playbooks/prerequisites/roles/nginx/vars/RedHat.yml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
nginx_vhost_path: /etc/nginx/conf.d
|
||||||
|
nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
|
||||||
|
__nginx_user: "nginx"
|
39
playbooks/prerequisites/roles/nodejs/tasks/main.yml
Normal file
39
playbooks/prerequisites/roles/nodejs/tasks/main.yml
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
---
|
||||||
|
- name: Import Node source RPM key
|
||||||
|
rpm_key:
|
||||||
|
key: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL
|
||||||
|
state: present
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
|
- name: Add Node Repo for RedHat
|
||||||
|
yum:
|
||||||
|
name: 'https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/nodesource-release-el{{ ansible_distribution_major_version }}-1.noarch.rpm'
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
|
- name: Install node v6
|
||||||
|
yum: name=nodejs state=present
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
|
- name: Add apt key for node repo
|
||||||
|
apt_key:
|
||||||
|
url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280
|
||||||
|
id: "68576280"
|
||||||
|
state: present
|
||||||
|
when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
- name: Add repo
|
||||||
|
apt_repository:
|
||||||
|
repo: "deb [arch=amd64,i386] https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main"
|
||||||
|
state: present
|
||||||
|
register: node_repo
|
||||||
|
when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
- name: Install nodejs 6.x
|
||||||
|
apt:
|
||||||
|
name: nodejs
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
force: yes
|
||||||
|
when: ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu'
|
23
playbooks/prerequisites/roles/ntpd/tasks/main.yml
Normal file
23
playbooks/prerequisites/roles/ntpd/tasks/main.yml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
- name: Install ntpd
|
||||||
|
yum: name="{{item}}" state=installed
|
||||||
|
with_items:
|
||||||
|
- ntp
|
||||||
|
- ntpdate
|
||||||
|
when: ansible_distribution == 'CentOS'
|
||||||
|
|
||||||
|
- name: enable ntpd
|
||||||
|
service: name=ntpd enabled=yes state=started
|
||||||
|
when: ansible_distribution == 'CentOS'
|
||||||
|
|
||||||
|
- name: Install ntpd
|
||||||
|
apt: name="{{item}}" state=installed
|
||||||
|
with_items:
|
||||||
|
- ntp
|
||||||
|
- ntpdate
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
|
- name: enable ntpd
|
||||||
|
service: name=ntp enabled=yes state=started
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
|
3
playbooks/prerequisites/roles/psutil/tasks/main.yml
Normal file
3
playbooks/prerequisites/roles/psutil/tasks/main.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
- name: Install psutil
|
||||||
|
pip: name=psutil state=latest
|
1
playbooks/prerequisites/roles/swap/defaults/main.yml
Normal file
1
playbooks/prerequisites/roles/swap/defaults/main.yml
Normal file
@ -0,0 +1 @@
|
|||||||
|
swap_size_mb: 1024
|
18
playbooks/prerequisites/roles/swap/tasks/main.yml
Normal file
18
playbooks/prerequisites/roles/swap/tasks/main.yml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
- name: Create swap space
|
||||||
|
command: dd if=/dev/zero of=/extraswap bs=1M count={{swap_size_mb}}
|
||||||
|
when: ansible_swaptotal_mb < 1
|
||||||
|
|
||||||
|
- name: Make swap
|
||||||
|
command: mkswap /extraswap
|
||||||
|
when: ansible_swaptotal_mb < 1
|
||||||
|
|
||||||
|
- name: Add to fstab
|
||||||
|
action: lineinfile dest=/etc/fstab regexp="extraswap" line="/extraswap none swap sw 0 0" state=present
|
||||||
|
when: ansible_swaptotal_mb < 1
|
||||||
|
|
||||||
|
- name: Turn swap on
|
||||||
|
command: swapon -a
|
||||||
|
when: ansible_swaptotal_mb < 1
|
||||||
|
|
||||||
|
- name: Set swapiness
|
||||||
|
shell: echo 1 | tee /proc/sys/vm/swappiness
|
37
playbooks/prerequisites/roles/wkhtmltopdf/tasks/main.yml
Normal file
37
playbooks/prerequisites/roles/wkhtmltopdf/tasks/main.yml
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
---
|
||||||
|
- name: install base fonts
|
||||||
|
yum: name={{ item }} state=present
|
||||||
|
with_items:
|
||||||
|
- libXrender
|
||||||
|
- libXext
|
||||||
|
- xorg-x11-fonts-75dpi
|
||||||
|
- xorg-x11-fonts-Type1
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
|
- name: install base fonts
|
||||||
|
apt: name={{ item }} state=present force=yes
|
||||||
|
with_items:
|
||||||
|
- libxrender1
|
||||||
|
- libxext6
|
||||||
|
- xfonts-75dpi
|
||||||
|
- xfonts-base
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
|
- name: download wkthmltox linux
|
||||||
|
get_url: url=https://github.com/frappe/wkhtmltopdf/raw/master/wkhtmltox-0.12.3_linux-generic-{{ "amd64" if ansible_architecture == "x86_64" else "i386"}}.tar.xz dest=/tmp/wkhtmltox.tar.xz
|
||||||
|
|
||||||
|
- name: Creates directory
|
||||||
|
file: path=/tmp/wkhtmltox state=directory
|
||||||
|
|
||||||
|
- name: unarchive wkhtmltopdf
|
||||||
|
unarchive: src=/tmp/wkhtmltox.tar.xz dest=/tmp
|
||||||
|
|
||||||
|
- name: copy to /usr/local/bin
|
||||||
|
copy: src="/tmp/wkhtmltox/bin/wkhtmltopdf" dest="/usr/local/bin/wkhtmltopdf"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
|
||||||
|
- name: make wkhtmltopdf executable
|
||||||
|
file: path=/usr/local/bin/wkhtmltopdf mode="o+x"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
48
playbooks/prerequisites/setup_essentials.yml
Normal file
48
playbooks/prerequisites/setup_essentials.yml
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
---
|
||||||
|
- name: Setup Essentials
|
||||||
|
hosts: localhost
|
||||||
|
become: yes
|
||||||
|
become_user: root
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Install the 'Development tools' package group (Redhat)
|
||||||
|
yum: name="@Development tools" state=present
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
|
- name: Install EPEL
|
||||||
|
yum: name='epel-release' state=present
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
|
- name: Install libselinux-python
|
||||||
|
yum: name={{ item }} state=present
|
||||||
|
with_items:
|
||||||
|
- python-devel
|
||||||
|
- python-setuptools
|
||||||
|
- python-pip
|
||||||
|
- libselinux-python
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
|
- name: Add dotdeb apt repository key for Debian < 8
|
||||||
|
apt_key:
|
||||||
|
url: http://www.dotdeb.org/dotdeb.gpg
|
||||||
|
state: present
|
||||||
|
become: yes
|
||||||
|
become_user: root
|
||||||
|
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
|
||||||
|
|
||||||
|
- name: Add dotdeb apt repository for redis-server for Debian < 8
|
||||||
|
apt_repository:
|
||||||
|
repo: 'deb http://packages.dotdeb.org wheezy all'
|
||||||
|
state: present
|
||||||
|
become: yes
|
||||||
|
become_user: root
|
||||||
|
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
|
||||||
|
|
||||||
|
- name: Install python selinux
|
||||||
|
apt: pkg={{ item }} state=present force=yes
|
||||||
|
with_items:
|
||||||
|
- build-essential
|
||||||
|
- python-dev
|
||||||
|
- python-pip
|
||||||
|
- python-selinux
|
||||||
|
when: ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu'
|
18
playbooks/prerequisites/ubuntu.yml
Normal file
18
playbooks/prerequisites/ubuntu.yml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
- name: install pillow prerequisites for Ubuntu < 14.04
|
||||||
|
apt: pkg={{ item }} state=present force=yes
|
||||||
|
with_items:
|
||||||
|
- libjpeg8-dev
|
||||||
|
- libtiff4-dev
|
||||||
|
- tcl8.5-dev
|
||||||
|
- tk8.5-dev
|
||||||
|
when: ansible_distribution_version | version_compare('14.04', 'lt')
|
||||||
|
|
||||||
|
- name: install pillow prerequisites for Ubuntu >= 14.04
|
||||||
|
apt: pkg={{ item }} state=present force=yes
|
||||||
|
with_items:
|
||||||
|
- libjpeg8-dev
|
||||||
|
- libtiff5-dev
|
||||||
|
- tcl8.6-dev
|
||||||
|
- tk8.6-dev
|
||||||
|
when: ansible_distribution_version | version_compare('14.04', 'ge')
|
@ -12,3 +12,8 @@
|
|||||||
|
|
||||||
- name: restart ssh
|
- name: restart ssh
|
||||||
service: name=sshd state=reloaded
|
service: name=sshd state=reloaded
|
||||||
|
|
||||||
|
- name: Change ansible ssh port to 2332
|
||||||
|
set_fact:
|
||||||
|
ansible_ssh_port: '{{ ssh_port }}'
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
- hosts: localhost
|
- hosts: localhost
|
||||||
vars:
|
vars:
|
||||||
bench_path: "/home/{{ ansible_user_id }}/frappe-bench"
|
bench_path: "/home/{{ ansible_user_id }}/{{ bench_name }}"
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
|
12
playbooks/production/includes/setup_inputrc.yml
Normal file
12
playbooks/production/includes/setup_inputrc.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
- hosts: localhost
|
||||||
|
tasks:
|
||||||
|
- name: insert/update inputrc for history
|
||||||
|
blockinfile:
|
||||||
|
dest: "/home/{{ ansible_user_id }}/.inputrc"
|
||||||
|
create: yes
|
||||||
|
block: |
|
||||||
|
## arrow up
|
||||||
|
"\e[A":history-search-backward
|
||||||
|
## arrow down
|
||||||
|
"\e[B":history-search-forward
|
@ -3,60 +3,6 @@
|
|||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
- name: Add nginx apt repository key for Debian < 8
|
|
||||||
apt_key:
|
|
||||||
url: http://nginx.org/keys/nginx_signing.key
|
|
||||||
state: present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
|
|
||||||
|
|
||||||
- name: Add nginx apt repository for Debian < 8
|
|
||||||
apt_repository:
|
|
||||||
repo: 'deb [arch=amd64,i386] http://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx'
|
|
||||||
state: present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
|
|
||||||
|
|
||||||
#####################################
|
|
||||||
# Ubuntu Production Environment Setup
|
|
||||||
- name: Install production pre-requisites
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
apt: pkg={{ item }} state=present
|
|
||||||
with_items:
|
|
||||||
- nginx
|
|
||||||
- screen
|
|
||||||
- vim
|
|
||||||
- htop
|
|
||||||
- git
|
|
||||||
- postfix
|
|
||||||
- supervisor
|
|
||||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
|
||||||
|
|
||||||
#####################################
|
|
||||||
# CentOS Production Environment Setup
|
|
||||||
- name: Install production pre-requisites
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
yum: pkg={{ item }} state=present
|
|
||||||
with_items:
|
|
||||||
- nginx
|
|
||||||
- screen
|
|
||||||
- vim
|
|
||||||
- htop
|
|
||||||
- git
|
|
||||||
- postfix
|
|
||||||
- MySQL-python
|
|
||||||
when: ansible_distribution == 'CentOS'
|
|
||||||
|
|
||||||
- name: Install supervisor using yum for Centos 7
|
|
||||||
yum: pkg=supervisor state=present
|
|
||||||
become: yes
|
|
||||||
become_user: root
|
|
||||||
when: ansible_distribution == 'CentOS' and ansible_lsb.major_release == '7'
|
|
||||||
|
|
||||||
####################################################
|
####################################################
|
||||||
# Replace default nginx config with nginx template
|
# Replace default nginx config with nginx template
|
||||||
- name: Rename default nginx.conf to nginx.conf.old
|
- name: Rename default nginx.conf to nginx.conf.old
|
||||||
@ -146,12 +92,3 @@
|
|||||||
become_user: root
|
become_user: root
|
||||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||||
|
|
||||||
- name: insert/update inputrc for history
|
|
||||||
blockinfile:
|
|
||||||
dest: "/home/{{ ansible_user_id }}/.inputrc"
|
|
||||||
create: yes
|
|
||||||
block: |
|
|
||||||
## arrow up
|
|
||||||
"\e[A":history-search-backward
|
|
||||||
## arrow down
|
|
||||||
"\e[B":history-search-forward
|
|
@ -1,15 +1,9 @@
|
|||||||
---
|
---
|
||||||
- hosts: localhost
|
|
||||||
|
|
||||||
# Install the common pre-requisites for the setting up bench
|
# Install the common pre-requisites for the setting up bench
|
||||||
- include: ../develop/install.yml
|
- include: ../develop/install.yml
|
||||||
|
|
||||||
# Install the production environment
|
- include: includes/setup_inputrc.yml
|
||||||
- include: includes/setup_prod_env.yml
|
|
||||||
|
|
||||||
# Setup Bench for production environment
|
# Setup Bench for production environment
|
||||||
- include: includes/setup_bench_production.yml
|
- include: includes/setup_bench_production.yml
|
||||||
when: not run_travis
|
when: not run_travis
|
||||||
|
|
||||||
# Setup SELinux Policy, Optional can be done later
|
|
||||||
# - include: includes/setup_selinux_policy.yml
|
|
||||||
|
@ -4,6 +4,9 @@
|
|||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
# For CentOS
|
# For CentOS
|
||||||
|
- name: Enable SELinux
|
||||||
|
selinux: policy=targeted state=permissive
|
||||||
|
|
||||||
- name: Install firewalld
|
- name: Install firewalld
|
||||||
yum: name=firewalld state=present
|
yum: name=firewalld state=present
|
||||||
when: ansible_distribution == 'CentOS'
|
when: ansible_distribution == 'CentOS'
|
||||||
@ -17,7 +20,7 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- 80
|
- 80
|
||||||
- 443
|
- 443
|
||||||
- 22
|
- "{{ ssh_port }}"
|
||||||
when: ansible_distribution == 'CentOS'
|
when: ansible_distribution == 'CentOS'
|
||||||
|
|
||||||
- name: Restart Firewall
|
- name: Restart Firewall
|
||||||
@ -38,6 +41,6 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- 80
|
- 80
|
||||||
- 443
|
- 443
|
||||||
- 22
|
- "{{ ssh_port }}"
|
||||||
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
||||||
|
|
||||||
|
@ -1,42 +0,0 @@
|
|||||||
# For more information on configuration, see:
|
|
||||||
# * Official English Documentation: http://nginx.org/en/docs/
|
|
||||||
# * Official Russian Documentation: http://nginx.org/ru/docs/
|
|
||||||
|
|
||||||
{% if ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' %}
|
|
||||||
{% set nginx_user = 'www-data'%}
|
|
||||||
{% elif ansible_distribution == 'CentOS' %}
|
|
||||||
{% set nginx_user = 'nginx '%}
|
|
||||||
{% else %}
|
|
||||||
{% set nginx_user = 'nobody' %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
user {{ nginx_user }};
|
|
||||||
worker_processes auto;
|
|
||||||
error_log /var/log/nginx/error.log;
|
|
||||||
pid /run/nginx.pid;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections {{ max_worker_connections }};
|
|
||||||
}
|
|
||||||
|
|
||||||
http {
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log main;
|
|
||||||
|
|
||||||
sendfile on;
|
|
||||||
tcp_nopush on;
|
|
||||||
tcp_nodelay on;
|
|
||||||
keepalive_timeout 65;
|
|
||||||
types_hash_max_size 2048;
|
|
||||||
|
|
||||||
include /etc/nginx/mime.types;
|
|
||||||
default_type application/octet-stream;
|
|
||||||
|
|
||||||
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
|
||||||
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
|
||||||
# for more information.
|
|
||||||
include /etc/nginx/conf.d/*.conf;
|
|
||||||
}
|
|
@ -46,6 +46,7 @@ innodb-large-prefix = 1
|
|||||||
collation-server = utf8mb4_unicode_ci
|
collation-server = utf8mb4_unicode_ci
|
||||||
character-set-server = utf8mb4
|
character-set-server = utf8mb4
|
||||||
character-set-client-handshake = FALSE
|
character-set-client-handshake = FALSE
|
||||||
|
max_allowed_packet = 64M
|
||||||
|
|
||||||
# LOGGING #
|
# LOGGING #
|
||||||
log-error = /var/lib/mysql/mysql-error.log
|
log-error = /var/lib/mysql/mysql-error.log
|
||||||
|
Loading…
Reference in New Issue
Block a user