2
0
mirror of https://github.com/frappe/bench.git synced 2024-11-11 15:51:03 +00:00

Playbook restructure part 1

This commit is contained in:
Ameya Shenoy 2018-02-05 15:07:14 +05:30
parent c7062e1b38
commit ffd75e5158
No known key found for this signature in database
GPG Key ID: 735490161CD5C91E
92 changed files with 503 additions and 781 deletions

20
playbooks/README.md Normal file
View File

@ -0,0 +1,20 @@
# Deploying a, developer/production-ready ERPNext website with Ansible
## Supported Platforms
- Debian 8, 9
- Ubuntu 14.04, 16.04
- CentOS 7
## Directory Structure
TODO
## Notes for maintainers
- For MariaDB playbooks refer https://github.com/PCextreme/ansible-role-mariadb
- Any changes made in relation to a role should be dont inside the role and not outside it
# TODO:
1. Planned Platform
- Arch Linux
- Fedora
- RedHat
2. Consider reffering to https://github.com/geerlingguy/ansible-role-mysql.git for MariaDB playbook

View File

View File

@ -1,4 +1,5 @@
---
- hosts: localhost
tasks:
- name: Create user
@ -30,4 +31,6 @@
owner: '{{ frappe_user }}'
group: '{{ frappe_user }}'
recurse: yes
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'CentOS' or ansible_distribution == 'Debian'
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'CentOS' or ansible_distribution == 'Debian'
...

View File

@ -1,54 +0,0 @@
---
- name: Check if ERPNext App exists
stat: path="{{ bench_path }}/apps/erpnext"
register: app
- name: get erpnext
command: bench get-app erpnext https://github.com/frappe/erpnext --branch {{ branch }}
args:
creates: "{{ bench_path }}/apps/erpnext"
chdir: "{{ bench_path }}"
when: not app.stat.exists
- name: Check whether a site called site1.local exists
stat: path="{{ bench_path }}/sites/site1.local"
register: site_folder
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/conf.d/settings.cnf
block: |
# Import all .cnf files from configuration directory
!includedir /etc/mysql/mariadb.conf.d/
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/mariadb.conf.d/erpnext.cnf
block: |
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
create: yes
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: restart mysql
service: name=mysql state=restarted
become: yes
become_user: root
- name: create a new default site
command: bench new-site site1.local --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
args:
chdir: "{{ bench_path }}"
when: not site_folder.stat.exists
- name: install erpnext to default site
command: bench --site site1.local install-app erpnext
args:
chdir: "{{ bench_path }}"

View File

@ -1,38 +0,0 @@
---
- hosts: localhost
tasks:
- name: Install SELinux for CentOS
yum: name="{{item}}" state=present
with_items:
- policycoreutils-python
- selinux-policy-devel
become: yes
become_user: root
when: ansible_distribution == 'CentOS'
- name: Install SELinux for Ubuntu
apt: name={{ item }} state=present
with_items:
- selinux
- selinux-policy-dev
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu'
- name: Check enabled SELinux modules
shell: semanage module -l
register: enabled_modules
- name: Copy frappe_selinux policy
copy: src=templates/frappe_selinux.te dest=/root/frappe_selinux.te
register: dest_frappe_selinux_te
become: yes
become_user: root
- name: Compile frappe_selinux policy
shell: "make -f /usr/share/selinux/devel/Makefile frappe_selinux.pp && semodule -i frappe_selinux.pp"
args:
chdir: /root/
become: yes
become_user: root
when: "enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"

View File

@ -1,25 +0,0 @@
---
- hosts: localhost
- include_tasks: ../prerequisites/install_prerequisites.yml
when: ansible_distribution != 'MacOSX'
- include_tasks: ../prerequisites/install_roles.yml
when: ansible_distribution != 'MacOSX'
- include_tasks: macosx.yml
when: ansible_distribution == 'MacOSX'
- name: setup bench and dev environment
hosts: localhost
vars:
bench_repo_path: "/home/{{ frappe_user }}/.bench"
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
tasks:
# setup frappe-bench
- include_tasks: includes/setup_bench.yml
when: not run_travis and not without_bench_setup
# setup development environment
- include_tasks: includes/setup_dev_env.yml
when: not run_travis and not production and (not without_bench_setup and ansible_distribution == 'Ubuntu')

View File

@ -1,7 +0,0 @@
# MariaDB 10.1 CentOS repository list - created 2016-03-18 09:56 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos{{ ansible_lsb.major_release }}-{{ "amd64" if ansible_architecture == "x86_64" else "x86"}}
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

17
playbooks/install.py Executable file → Normal file
View File

@ -13,8 +13,8 @@ def install_bench(args):
success = run_os_command({
'apt-get': [
'sudo apt-get update',
'sudo apt-get install -y git build-essential python-setuptools python-dev libffi-dev libssl-dev'
'sudo apt-get update'
# 'sudo apt-get install -y git build-essential python-setuptools python-dev libffi-dev libssl-dev'
],
'yum': [
'sudo yum groupinstall -y "Development tools"',
@ -93,7 +93,7 @@ def install_bench(args):
repo_path = os.path.join(os.path.expanduser('~'), 'bench')
extra_vars.update(repo_path=repo_path)
run_playbook('prerequisites/create_user.yml', extra_vars=extra_vars)
run_playbook('create_user.yml', extra_vars=extra_vars)
extra_vars.update(get_passwords(args))
if args.production:
@ -105,11 +105,12 @@ def install_bench(args):
bench_name = 'frappe-bench' if not args.bench_name else args.bench_name
extra_vars.update(bench_name=bench_name)
if args.develop:
run_playbook('develop/install.yml', sudo=True, extra_vars=extra_vars)
# Will install ERPNext production setup by default
run_playbook('site.yml', sudo=True, extra_vars=extra_vars)
elif args.production:
run_playbook('production/install.yml', sudo=True, extra_vars=extra_vars)
# # Will do changes for production if --production flag is passed
# if args.production:
# run_playbook('production.yml', sudo=True, extra_vars=extra_vars)
if os.path.exists(tmp_bench_repo):
shutil.rmtree(tmp_bench_repo)
@ -147,7 +148,7 @@ def install_python27():
# install python 2.7
success = run_os_command({
'apt-get': 'sudo apt-get install -y python2.7',
'apt-get': 'sudo apt-get install -y python-dev',
'yum': 'sudo yum install -y python27',
'brew': 'brew install python'
})

View File

@ -22,7 +22,7 @@
- wkhtmltopdf
- name: configure mariadb
include_tasks: ../prerequisites/roles/mariadb/tasks/main.yml
include: ../prerequisites/roles/mariadb/tasks/main.yml
vars:
mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf
@ -30,9 +30,10 @@
pip: name=mysql-python version=1.2.5
# setup frappe-bench
- include_tasks: includes/setup_bench.yml
- include: includes/setup_bench.yml
# setup development environment
- include_tasks: includes/setup_dev_env.yml
- include: includes/setup_dev_env.yml
when: not production
...

View File

@ -1,21 +0,0 @@
---
- name: Setup OpenSSL dependancy
pip: name=pyOpenSSL version=16.2.0
- name: install pillow prerequisites for Debian < 8
apt: pkg={{ item }} state=present
with_items:
- libjpeg8-dev
- libtiff4-dev
- tcl8.5-dev
- tk8.5-dev
when: ansible_distribution_version | version_compare('8', 'lt')
- name: install pillow prerequisites for Debian >= 8
apt: pkg={{ item }} state=present
with_items:
- libjpeg62-turbo-dev
- libtiff5-dev
- tcl8.5-dev
- tk8.5-dev
when: ansible_distribution_version | version_compare('8', 'ge')

View File

@ -1,97 +0,0 @@
---
#- include_tasks: setup_essentials.yml
- name: "Setup prerequisites"
hosts: localhost
become: yes
become_user: root
tasks:
- name: Install yum packages
yum: name={{ item }} state=present
with_items:
- bzip2-devel
- cronie
- dnsmasq
- freetype-devel
- git
- htop
- lcms2-devel
- libjpeg-devel
- libtiff-devel
- libffi-devel
- libwebp-devel
- libXext
- libXrender
- libzip-devel
- libffi-devel
- ntp
- openssl-devel
- postfix
- python-devel
- python-setuptools
- python-pip
- redis
- screen
- sudo
- tcl-devel
- tk-devel
- vim
- which
- xorg-x11-fonts-75dpi
- xorg-x11-fonts-Type1
- zlib-devel
- openssl-devel
- openldap-devel
when: ansible_os_family == 'RedHat'
# Prerequisite for Debian and Ubuntu
- name: Install apt packages
apt: pkg={{ item }} state=present force=yes
with_items:
- build-essential
- software-properties-common
- dnsmasq
- fontconfig
- git
- htop
- libcrypto++-dev
- libfreetype6-dev
- liblcms2-dev
- libssl-dev
- libwebp-dev
- libxext6
- libxrender1
- libxslt1-dev
- libxslt1.1
- libffi-dev
- ntp
- postfix
- python-dev
- python-pip
- python-tk
- redis-server
- screen
- vim
- xfonts-75dpi
- xfonts-base
- zlib1g-dev
- apt-transport-https
- libsasl2-dev
- libldap2-dev
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- include_tasks: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- include_tasks: debian.yml
when: ansible_distribution == 'Debian'
# Prerequisite for MACOS
- name: install prequisites for macos
homebrew: name={{ item }} state=present
with_items:
- cmake
- redis
- mariadb
- nodejs
when: ansible_distribution == 'MacOSX'

View File

@ -1,36 +0,0 @@
---
- name: Apply basic roles, mariadb, wkhtmltopdf, nodejs, nginx, fail2ban and psutil
hosts: localhost
become: yes
become_user: root
vars:
- mysql_conf_tpl: files/mariadb_config.cnf
- nginx_conf_file: files/nginx.conf
- mysql_secure_installation: True
roles:
- { role: locale, tags: "locale" }
- { role: swap, tags: "swap", when: production }
- { role: logwatch, tags: "logwatch", when: production }
- { role: bash_screen_wall, tags: "bash_screen_wall", when: production }
- { role: frappe_selinux, tags: "frappe_selinux", when: production }
- { role: dns_caching, tags: "dns_caching", when: production }
- { role: ntpd, tags: "ntpd", when: production }
- { role: mariadb, tags: "mariadb" }
- { role: wkhtmltopdf, tags: "wkhtmltopdf" }
- { role: nodejs, tags: "nodejs" }
- { role: psutil, tags: "psutil" }
- { role: supervisor, tags: "supervisor", when: production }
- { role: nginx, tags: "nginx", when: production }
- { role: fail2ban, tags: "fail2ban" , when: production }
tasks:
- name: Set hostname
hostname: name='{{ hostname }}'
when: hostname is defined and production
- name: Start NTPD
service: name=ntpd state=started
when: ansible_distribution == 'CentOS' and production
- name: Start NTPD
service: name=ntp state=started
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production

View File

@ -1,3 +0,0 @@
---
- name: Setup bash screen wall
copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh

View File

@ -1,2 +0,0 @@
locale_keymap: us
locale_lang: en_US.utf8

View File

@ -1,19 +0,0 @@
---
galaxy_info:
author: "Attila van der Velde"
description: "Installs MariaDB"
company: "PCextreme B.V."
license: "license (MIT, BSD)"
min_ansible_version: 1.8
platforms:
- name: EL
versions:
- 6
- 7
- name: Ubuntu
versions:
- trusty
categories:
- database:sql
dependencies: []

View File

@ -1,31 +0,0 @@
---
- include_tasks: centos.yml
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 6
- include_tasks: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- name: Add configuration
template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian'
notify: restart mysql
- include_tasks: debian.yml
when: ansible_distribution == 'Debian'
- name: Add configuration
template: src=files/debian_mariadb_config.cnf dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian'
notify: restart mysql
- name: Start and enable service
service: name=mysql state=started enabled=yes
- debug:
msg: "{{ mysql_root_password }}"
- include_tasks: mysql_secure_installation.yml
when: mysql_root_password is defined
- debug: var=mysql_secure_installation
when: mysql_secure_installation and mysql_root_password is defined

View File

@ -1,35 +0,0 @@
---
language: python
python: "2.7"
env:
- SITE=test.yml
before_install:
- sudo apt-get update -qq
- sudo apt-get install -y curl
install:
# Install Ansible.
- pip install ansible
# Add ansible.cfg to pick up roles path.
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
script:
# Check the role/playbook's syntax.
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
# Run the role/playbook with ansible-playbook.
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# TODO - get the test working. Probably need to add a virtual host.
# Request a page via Nginx, to make sure Nginx is running and responds.
# - "curl http://localhost/"

View File

@ -1,51 +0,0 @@
user {{ nginx_user }};
error_log {{ nginx_error_log }};
pid /var/run/nginx.pid;
worker_processes {{ nginx_worker_processes }};
events {
worker_connections {{ nginx_worker_connections }};
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 64;
client_max_body_size {{ nginx_client_max_body_size }};
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log {{ nginx_access_log }};
sendfile {{ nginx_sendfile }};
tcp_nopush {{ nginx_tcp_nopush }};
tcp_nodelay {{ nginx_tcp_nodelay }};
keepalive_timeout {{ nginx_keepalive_timeout }};
keepalive_requests {{ nginx_keepalive_requests }};
#gzip on;
{% if nginx_proxy_cache_path %}
proxy_cache_path {{ nginx_proxy_cache_path }};
{% endif %}
{% for upstream in nginx_upstreams %}
upstream {{ upstream.name }} {
{% if upstream.strategy is defined %}
{{ upstream.strategy }};
{% endif %}
{% for server in upstream.servers %}
server {{ server }};
{% endfor %}
}
{% endfor %}
include {{ nginx_vhost_path }}/*;
}

View File

@ -1 +0,0 @@
swap_size_mb: 1024

View File

@ -1,48 +0,0 @@
---
- name: Setup Essentials
hosts: localhost
become: yes
become_user: root
tasks:
- name: Install the 'Development tools' package group (Redhat)
yum: name="@Development tools" state=present
when: ansible_os_family == 'RedHat'
- name: Install EPEL
yum: name='epel-release' state=present
when: ansible_os_family == 'RedHat'
- name: Install libselinux-python
yum: name={{ item }} state=present
with_items:
- python-devel
- python-setuptools
- python-pip
- libselinux-python
when: ansible_os_family == 'RedHat'
- name: Add dotdeb apt repository key for Debian < 8
apt_key:
url: http://www.dotdeb.org/dotdeb.gpg
state: present
become: yes
become_user: root
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
- name: Add dotdeb apt repository for redis-server for Debian < 8
apt_repository:
repo: 'deb http://packages.dotdeb.org wheezy all'
state: present
become: yes
become_user: root
when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
- name: Install python selinux
apt: pkg={{ item }} state=present force=yes
with_items:
- build-essential
- python-dev
- python-pip
- python-selinux
when: ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu'

View File

@ -1,2 +0,0 @@
---
- include_tasks: ../prerequisites/roles/fail2ban/tasks/configure_nginx_jail.yml

View File

@ -1,18 +0,0 @@
---
- name: install pillow prerequisites for Ubuntu < 14.04
apt: pkg={{ item }} state=present force=yes
with_items:
- libjpeg8-dev
- libtiff4-dev
- tcl8.5-dev
- tk8.5-dev
when: ansible_distribution_version | version_compare('14.04', 'lt')
- name: install pillow prerequisites for Ubuntu >= 14.04
apt: pkg={{ item }} state=present force=yes
with_items:
- libjpeg8-dev
- libtiff5-dev
- tcl8.6-dev
- tk8.6-dev
when: ansible_distribution_version | version_compare('14.04', 'ge')

View File

@ -1,90 +0,0 @@
---
- hosts: localhost
vars:
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
tasks:
# In case we are re-running the script, we would like to skip the site creation
- name: Check whether a site exists
stat: path="{{ bench_path }}/sites/{{ site }}"
register: site_folder
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/conf.d/settings.cnf
block: |
# Import all .cnf files from configuration directory
!includedir /etc/mysql/mariadb.conf.d/
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/mariadb.conf.d/erpnext.cnf
block: |
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
create: yes
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: restart mysql
service: name=mysql state=restarted
become: yes
become_user: root
- name: Create new site
command: bench new-site {{ site }} --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
args:
chdir: "{{ bench_path }}"
when: not site_folder.stat.exists
- name: Check ERPNext App exists
stat: path="{{ bench_path }}/apps/erpnext"
register: app
# In case we are re-running the script, we would like to skip getting ERPNext App
- name: Get-app erpnext app
command: bench get-app erpnext https://github.com/frappe/erpnext.git --branch {{ branch }}
args:
chdir: '{{ bench_path }}'
when: not app.stat.exists
- name: Install erpnext app
command: bench --site {{ site }} install-app erpnext
args:
chdir: '{{ bench_path }}'
- name: Change permissions for frappe home folder
become: yes
become_user: root
file:
dest: '/home/{{ frappe_user }}'
owner: '{{ frappe_user }}'
group: '{{ frappe_user }}'
mode: 0755
recurse: yes
state: directory
- name: Setup production
become: yes
become_user: root
command: bench setup production {{ frappe_user }}
args:
chdir: '{{ bench_path }}'
- name: Setup Sudoers
become: yes
become_user: root
command: bench setup sudoers {{ frappe_user }}
args:
chdir: '{{ bench_path }}'
- name: Restart the bench
command: bench restart
args:
chdir: '{{ bench_path }}'

View File

@ -1,12 +0,0 @@
---
- hosts: localhost
tasks:
- name: insert/update inputrc for history
blockinfile:
dest: "/home/{{ frappe_user }}/.inputrc"
create: yes
block: |
## arrow up
"\e[A":history-search-backward
## arrow down
"\e[B":history-search-forward

View File

@ -1,94 +0,0 @@
---
- hosts: localhost
tasks:
####################################################
# Replace default nginx config with nginx template
- name: Rename default nginx.conf to nginx.conf.old
command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old
become: yes
become_user: root
- name: Copy the nginx_config template
template:
src: ../templates/default_nginx.j2
dest: /etc/nginx/nginx.conf
become: yes
become_user: root
- name: Reload the nginx service
service:
name: nginx
state: restarted
become: yes
become_user: root
######################################################
# Set InnoDB Buffer Pool size to half of total RAM
- name: Set InnoDB buffer pool
lineinfile: >
dest=/etc/my.cnf.d/frappe.cnf
regexp="^\[mysqld\]$"
line="[mysqld]\ninnodb_buffer_pool_size={{ (ansible_memtotal_mb/2)|round|int }}M"
state=present
when: ansible_distribution == 'CentOS'
become: yes
become_user: root
- name: Set InnoDB buffer pool
lineinfile: >
dest=/etc/mysql/conf.d/frappe.cnf
regexp="^\[mysqld\]$"
line="[mysqld]\ninnodb_buffer_pool_size={{ (ansible_memtotal_mb/2)|round|int }}M"
state=present
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
become: yes
become_user: root
####################################################
# Enable nginx, mysql, redis and supevisord services
- name: Enable nginx, mysql, and redis
service:
name: '{{ item }}'
enabled: yes
with_items:
- nginx
- mysql
become: yes
become_user: root
- name: Enable redis.service on centos
service:
name: redis
enabled: yes
become: yes
become_user: root
when: ansible_distribution == 'CentOS'
- name: Enable redis-server.service on ubuntu
service:
name: redis-server
enabled: yes
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Check whether default supervisor.conf exists
service:
name: supervisord
state: started
enabled: yes
become: yes
become_user: root
when: ansible_distribution == 'CentOS'
- name: Check whether default supervisor.conf exists
service:
name: supervisor
state: started
enabled: yes
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'

View File

@ -1,9 +0,0 @@
---
# Install the common pre-requisites for the setting up bench
- include_tasks: ../develop/install.yml
- include_tasks: includes/setup_inputrc.yml
# Setup Bench for production environment
- include_tasks: includes/setup_bench_production.yml
when: not run_travis

View File

@ -0,0 +1,4 @@
---
- name: Setup bash screen wall
copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh
...

View File

@ -1,19 +1,20 @@
- name: Change ssh port
gather_facts: false
hosts: localhost
user: root
tasks:
- name: change sshd config
lineinfile: >
dest=/etc/ssh/sshd_config
regexp="^Port"
line="Port {{ ssh_port }}"
state=present
- name: restart ssh
service: name=sshd state=reloaded
- name: Change ansible ssh port to 2332
set_fact:
ansible_ssh_port: '{{ ssh_port }}'
---
- name: Change ssh port
gather_facts: false
hosts: localhost
user: root
tasks:
- name: change sshd config
lineinfile: >
dest=/etc/ssh/sshd_config
regexp="^Port"
line="Port {{ ssh_port }}"
state=present
- name: restart ssh
service: name=sshd state=reloaded
- name: Change ansible ssh port to 2332
set_fact:
ansible_ssh_port: '{{ ssh_port }}'
...

View File

@ -46,3 +46,15 @@
args:
creates: "{{ bench_path }}/apps/frappe"
chdir: "{{ bench_path }}"
- include_tasks: setup_dev_env.yml
when: not run_travis and not production and (not without_bench_setup and ansible_distribution == 'Ubuntu')
- include_tasks: setup_inputrc.yml
# Setup Bench for production environment
- include_tasks: setup_bench_production.yml
vars:
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
when: not run_travis and production
...

View File

@ -0,0 +1,58 @@
---
# In case we are re-running the script, we would like to skip the site creation
- name: Check whether a site exists
stat: path="{{ bench_path }}/sites/{{ site }}"
register: site_folder
- name: Create new site
command: bench new-site {{ site }} --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
args:
chdir: "{{ bench_path }}"
when: not site_folder.stat.exists
- name: Check ERPNext App exists
stat: path="{{ bench_path }}/apps/erpnext"
register: app
# In case we are re-running the script, we would like to skip getting ERPNext App
- name: Get-app erpnext app
command: bench get-app erpnext https://github.com/frappe/erpnext.git --branch {{ branch }}
args:
chdir: '{{ bench_path }}'
when: not app.stat.exists
- name: Install erpnext app
command: bench --site {{ site }} install-app erpnext
args:
chdir: '{{ bench_path }}'
- name: Change permissions for frappe home folder
become: yes
become_user: root
file:
dest: '/home/{{ frappe_user }}'
owner: '{{ frappe_user }}'
group: '{{ frappe_user }}'
mode: 0755
recurse: yes
state: directory
- name: Setup production
become: yes
become_user: root
command: bench setup production {{ frappe_user }}
args:
chdir: '{{ bench_path }}'
- name: Setup Sudoers
become: yes
become_user: root
command: bench setup sudoers {{ frappe_user }}
args:
chdir: '{{ bench_path }}'
- name: Restart the bench
command: bench restart
args:
chdir: '{{ bench_path }}'
...

View File

@ -1,5 +1,4 @@
---
# Setup Procfile
- name: setup procfile
command: bench setup procfile
@ -17,4 +16,6 @@
# Setup an ERPNext site called site1.local
- include_tasks: includes/setup_erpnext.yml
- include_tasks: setup_erpnext.yml
hosts: localhost
...

View File

@ -0,0 +1,28 @@
---
- name: Check if ERPNext App exists
stat: path="{{ bench_path }}/apps/erpnext"
register: app
- name: get erpnext
command: bench get-app erpnext https://github.com/frappe/erpnext --branch {{ branch }}
args:
creates: "{{ bench_path }}/apps/erpnext"
chdir: "{{ bench_path }}"
when: not app.stat.exists
- name: Check whether a site called site1.local exists
stat: path="{{ bench_path }}/sites/site1.local"
register: site_folder
- name: create a new default site
command: bench new-site site1.local --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
args:
chdir: "{{ bench_path }}"
when: not site_folder.stat.exists
- name: install erpnext to default site
command: bench --site site1.local install-app erpnext
args:
chdir: "{{ bench_path }}"
...

View File

@ -1,3 +1,4 @@
---
- name: Setup Firewall
user: root
hosts: localhost
@ -47,4 +48,4 @@
- 443
- "{{ ssh_port }}"
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
...

View File

@ -0,0 +1,11 @@
---
- name: insert/update inputrc for history
blockinfile:
dest: "/home/{{ frappe_user }}/.inputrc"
create: yes
block: |
## arrow up
"\e[A":history-search-backward
## arrow down
"\e[B":history-search-forward
...

View File

@ -0,0 +1,56 @@
---
- name: Install prerequisites using apt-get
become: yes
become_user: root
apt: pkg={{ item }} state=present force=yes
with_items:
- dnsmasq
- fontconfig
- git # Version control
- htop # Server stats
- libcrypto++-dev
- libfreetype6-dev
- liblcms2-dev
- libssl-dev
- libwebp-dev
- libxext6
- libxrender1
- libxslt1-dev
- libxslt1.1
- libffi-dev
- ntp # Clock synchronization
- postfix # Mail Server
- python-dev # Installing python developer suite
- python3-dev
- python-tk # Why !?
- screen
- vim
- xfonts-75dpi
- xfonts-base
- zlib1g-dev
- apt-transport-https
- libsasl2-dev
- libldap2-dev
- name: Install pillow prerequisites for Debian < 8 and Ubuntu < 14.04
apt: pkg={{ item }} state=present force=yes
with_items:
- libjpeg8-dev
- libtiff4-dev
- tcl8.5-dev
- tk8.5-dev
when: (ansible_distribution == "Debian" and ansible_distribution_major_version < "8") or
(ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "14")
- name: Install pillow prerequisites for Debian >= 8 and Ubuntu >= 14.04
apt: pkg={{ item }} state=present force=yes
with_items:
- libjpeg8-dev
- libtiff5-dev
- tcl8.6-dev
- tk8.6-dev
when: (ansible_distribution == "Debian" and ansible_distribution_major_version >= "8") or
(ansible_distribution == "Ubuntu" and ansible_distribution_major_version >= "16")
...

View File

@ -0,0 +1,37 @@
---
- hosts: localhost
become: yes
become_user: root
vars:
bench_repo_path: "/Users/{{ ansible_user_id }}/.bench"
bench_path: "/Users/{{ ansible_user_id }}/frappe-bench"
tasks:
# install pre-requisites
- name: install prequisites
homebrew: name={{ item }} state=present
with_items:
- cmake
- redis
- mariadb
- nodejs
# install wkhtmltopdf
- name: cask installs
homebrew_cask: name={{ item }} state=present
with_items:
- wkhtmltopdf
- name: configure mariadb
include_tasks: ../prerequisites/roles/mariadb/tasks/main.yml
vars:
mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf
# setup frappe-bench
- include_tasks: includes/setup_bench.yml
# setup development environment
- include_tasks: includes/setup_dev_env.yml
when: not production
...

View File

@ -0,0 +1,6 @@
---
# Install's prerequisites, like fonts, image libraries, vim, screen, python-dev and gcc
- include_tasks: debian.yml
when: ansible_os_family == 'Debian'
...

View File

@ -0,0 +1,44 @@
---
- name: "Setup prerequisites"
become: yes
become_user: root
tasks:
- name: Install yum packages
yum: name={{ item }} state=present
with_items:
- bzip2-devel
- cronie
- dnsmasq
- freetype-devel
- git
- htop
- lcms2-devel
- libjpeg-devel
- libtiff-devel
- libffi-devel
- libwebp-devel
- libXext
- libXrender
- libzip-devel
- libffi-devel
- ntp
- openssl-devel
- postfix
- python-devel
- python-setuptools
- python-pip
- redis
- screen
- sudo
- tcl-devel
- tk-devel
- vim
- which
- xorg-x11-fonts-75dpi
- xorg-x11-fonts-Type1
- zlib-devel
- openssl-devel
- openldap-devel
...

View File

@ -1,3 +1,4 @@
---
- name: restart network manager
- name: Restart network manager
service: name=NetworkManager state=restarted
...

View File

@ -1,14 +1,14 @@
---
- name: check NetworkManager.conf exists
- name: Check NetworkManager.conf exists
stat:
path: /etc/NetworkManager/NetworkManager.conf
register: result
- name: unmask NetworkManager service
- name: Unmask NetworkManager service
command: systemctl unmask NetworkManager
when: result.stat.exists
- name: add dnsmasq to network config
- name: Add dnsmasq to network config
lineinfile: >
dest=/etc/NetworkManager/NetworkManager.conf
regexp="dns="
@ -17,4 +17,4 @@
when: result.stat.exists
notify:
- restart network manager
...

View File

@ -6,13 +6,6 @@
- selinux-policy-devel
when: ansible_distribution == 'CentOS'
# - name: Install SELinux for Ubuntu
# apt: name={{ item }} state=present
# with_items:
# - selinux
# - selinux-policy-dev
# when: ansible_distribution == 'Ubuntu'
- name: Check enabled SELinux modules
shell: semanage module -l
register: enabled_modules
@ -28,4 +21,4 @@
args:
chdir: /root/
when: "ansible_distribution == 'CentOS' and enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"
...

View File

@ -0,0 +1,4 @@
---
locale_keymap: us
locale_lang: en_US.utf8
...

View File

@ -6,15 +6,16 @@
- name: Set Locale
command: "localectl set-locale LANG={{ locale_lang }}"
when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG={{ locale_lang }}') == -1
when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG=locale_lang') == -1
- name: Set keymap
command: "localectl set-keymap {{ locale_keymap }}"
when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap: {{locale_keymap}}') == -1"
when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap:locale_keymap') == -1"
- name: Set Locale as en_US
lineinfile: dest=/etc/environment backup=yes line="{{ item }}"
with_items:
- "LC_ALL=en_US.UTF-8"
- "LC_CTYPE=en_US.UTF-8"
- "LANG=en_US.UTF-8"
- "LANG=en_US.UTF-8"
...

View File

@ -1,3 +1,4 @@
---
logwatch_emails: "{{ admin_emails }}"
logwatch_detail: High
...

View File

@ -9,4 +9,5 @@
- name: Copy logwatch config
template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes
when: admin_emails is defined
when: admin_emails is defined
...

View File

@ -5,3 +5,4 @@ mysql_conf_tpl: change_me
mysql_conf_file: settings.cnf
mysql_secure_installation: false
...

View File

@ -1,3 +1,4 @@
---
- name: restart mysql
service: name=mysql state=restarted
...

View File

@ -6,7 +6,4 @@
yum: name={{ item }} enablerepo=mariadb state=present
with_items:
- MariaDB-server
- MariaDB-client
- MySQL-python
- MariaDB-devel
...

View File

@ -28,3 +28,4 @@
- mariadb-common
- libmariadbclient18
- python-mysqldb
...

View File

@ -0,0 +1,54 @@
---
- include_tasks: centos.yml
when: ansible_distribution == 'CentOS'
- include_tasks: ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- name: Add configuration
template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian'
notify: restart mysql
- include_tasks: debian.yml
when: ansible_distribution == 'Debian'
- name: Add configuration
template: src=debian_mariadb_config.cnf dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian'
notify: restart mysql
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/conf.d/settings.cnf
block: |
# Import all .cnf files from configuration directory
!includedir /etc/mysql/mariadb.conf.d/
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
blockinfile:
path: /etc/mysql/mariadb.conf.d/erpnext.cnf
block: |
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
create: yes
become: yes
become_user: root
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
- name: Start and enable service
service: name=mysql state=started enabled=yes
- debug:
msg: "{{ mysql_root_password }}"
- include_tasks: mysql_secure_installation.yml
when: mysql_root_password is defined
- debug: var=mysql_secure_installation
when: mysql_secure_installation and mysql_root_password is defined
...

View File

@ -80,3 +80,4 @@
- name: start mysql mac
command: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
when: ansible_distribution == 'MacOSX'
...

View File

@ -25,7 +25,5 @@
apt: pkg={{ item }} state=present
with_items:
- mariadb-server
- mariadb-client
- mariadb-common
- libmariadbclient18
- python-mysqldb
- python-mysqldb # required to set the MySQL password using ansible
...

View File

@ -4,3 +4,6 @@ mysql_conf_dir:
"Ubuntu": /etc/mysql/conf.d
"Debian": /etc/mysql/conf.d
"MacOSX": /usr/local/etc/my.cnf.d
mysql_conf_tpl: files/mariadb_config.cnf
mysql_secure_installation: True
...

View File

@ -48,3 +48,4 @@
service: name=nginx state=started enabled=yes
- include_tasks: vhosts.yml
...

View File

@ -30,31 +30,31 @@ http {
# keepalive_timeout 10;
# keepalive_requests 10;
gzip on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/font-woff
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component
;
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/font-woff
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component
;
server_names_hash_max_size 4096;
@ -67,8 +67,8 @@ http {
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
client_max_body_size 50m;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
large_client_header_buffers 4 32k;
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=web-cache:8m max_size=1000m inactive=600m;

View File

@ -6,7 +6,7 @@
- ntpdate
when: ansible_distribution == 'CentOS'
- name: enable ntpd
- name: Enable ntpd
service: name=ntpd enabled=yes state=started
when: ansible_distribution == 'CentOS'
@ -17,7 +17,7 @@
- ntpdate
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: enable ntpd
- name: Enable ntpd
service: name=ntp enabled=yes state=started
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
...

View File

@ -0,0 +1,21 @@
---
- name: Install yum packages
yum: name={{ item }} state=present
with_items:
- redis
when: ansible_os_family == 'RedHat'
# Prerequisite for Debian and Ubuntu
- name: Install apt packages
apt: pkg={{ item }} state=present force=yes
with_items:
- redis-server
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
# Prerequisite for MACOS
- name: install prequisites for macos
homebrew: name={{ item }} state=present
with_items:
- redis
when: ansible_distribution == 'MacOSX'
...

View File

@ -0,0 +1,3 @@
---
swap_size_mb: 1024
...

View File

@ -35,3 +35,4 @@
file: path=/usr/local/bin/wkhtmltopdf mode="o+x"
become: true
become_user: root
...

48
playbooks/site.yml Normal file
View File

@ -0,0 +1,48 @@
---
# This is the master playbook that deploys the whole Frappe and ERPNext stack
- hosts: localhost
become: yes
become_user: root
roles:
- common
- { role: locale, tags: "locale" }
- { role: swap, tags: "swap", when: production }
- { role: logwatch, tags: "logwatch", when: production }
- { role: bash_screen_wall, tags: "bash_screen_wall", when: production }
- { role: frappe_selinux, tags: "frappe_selinux", when: production }
- { role: dns_caching, tags: "dns_caching", when: production }
- { role: ntpd, tags: "ntpd", when: production }
- { role: mariadb, tags: "mariadb" }
- { role: wkhtmltopdf, tags: "wkhtmltopdf" }
- { role: nodejs, tags: "nodejs" }
- { role: psutil, tags: "psutil" }
- { role: redis, tags: "redis" }
- { role: supervisor, tags: "supervisor", when: production }
- { role: nginx, tags: "nginx", when: production }
- { role: fail2ban, tags: "fail2ban", when: production }
tasks:
- name: Set hostname
hostname: name='{{ hostname }}'
when: hostname is defined and production
- name: Start NTPD
service: name=ntpd state=started
when: ansible_distribution == 'CentOS' and production
- name: Start NTPD
service: name=ntp state=started
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production
- include_tasks: macosx.yml
when: ansible_distribution == 'MacOSX'
- name: setup bench and dev environment
hosts: localhost
vars:
bench_repo_path: "/home/{{ frappe_user }}/.bench"
bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
roles:
# setup frappe-bench
- { role: bench, tags: "bench", when: not run_travis and not without_bench_setup }
...