Playbook restructure part 1

playbooks/README.md

@@ -0,0 +1,20 @@
+# Deploying a, developer/production-ready ERPNext website with Ansible
+
+## Supported Platforms
+	- Debian 8, 9
+	- Ubuntu 14.04, 16.04
+	- CentOS 7
+
+## Directory Structure
+	TODO
+
+## Notes for maintainers
+	- For MariaDB playbooks refer https://github.com/PCextreme/ansible-role-mariadb 
+	- Any changes made in relation to a role should be dont inside the role and not outside it
+
+# TODO:
+1. Planned Platform
+	- Arch Linux
+	- Fedora
+	- RedHat
+2. Consider reffering to https://github.com/geerlingguy/ansible-role-mysql.git for MariaDB playbook

playbooks/create_user.yml

@@ -1,4 +1,5 @@
 ---
+
   - hosts: localhost
     tasks:
     - name: Create user
@@ -31,3 +32,5 @@
         group: '{{ frappe_user }}'
         recurse: yes
       when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'CentOS' or ansible_distribution == 'Debian'
+
+...

playbooks/develop/includes/setup_erpnext.yml

@@ -1,54 +0,0 @@
----
-  - name: Check if ERPNext App exists
-    stat: path="{{ bench_path }}/apps/erpnext"
-    register: app
-
-  - name: get erpnext
-    command: bench get-app erpnext https://github.com/frappe/erpnext --branch {{ branch }}
-    args:
-      creates: "{{ bench_path }}/apps/erpnext"
-      chdir: "{{ bench_path }}"
-    when: not app.stat.exists
-
-  - name: Check whether a site called site1.local exists
-    stat: path="{{ bench_path }}/sites/site1.local"
-    register: site_folder
-
-  - name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
-    blockinfile:
-      path: /etc/mysql/conf.d/settings.cnf
-      block: |
-        # Import all .cnf files from configuration directory
-        !includedir /etc/mysql/mariadb.conf.d/
-    become: yes
-    become_user: root
-    when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
-
-  - name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
-    blockinfile:
-      path: /etc/mysql/mariadb.conf.d/erpnext.cnf
-      block: |
-        [mysqld]
-        pid-file        = /var/run/mysqld/mysqld.pid
-        socket          = /var/run/mysqld/mysqld.sock
-      create: yes
-    become: yes
-    become_user: root
-    when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
-
-  - name: restart mysql
-    service: name=mysql state=restarted
-    become: yes
-    become_user: root
-
-  - name: create a new default site 
-    command: bench new-site site1.local --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
-    args:
-      chdir: "{{ bench_path }}"
-    when: not site_folder.stat.exists
-
-  - name: install erpnext to default site
-    command: bench --site site1.local install-app erpnext
-    args:
-      chdir: "{{ bench_path }}"
-

playbooks/develop/includes/setup_selinux_policy.yml

@@ -1,38 +0,0 @@
----
-- hosts: localhost
-  tasks:
-    - name: Install SELinux for CentOS
-      yum: name="{{item}}" state=present
-      with_items:
-        - policycoreutils-python
-        - selinux-policy-devel
-      become: yes
-      become_user: root
-      when: ansible_distribution == 'CentOS'
-
-    - name: Install SELinux for Ubuntu
-      apt: name={{ item }} state=present
-      with_items:
-       - selinux
-       - selinux-policy-dev
-      become: yes
-      become_user: root
-      when: ansible_distribution == 'Ubuntu'
-
-    - name: Check enabled SELinux modules
-     shell: semanage module -l
-     register: enabled_modules
-
-    - name: Copy frappe_selinux policy
-      copy: src=templates/frappe_selinux.te dest=/root/frappe_selinux.te
-      register: dest_frappe_selinux_te
-      become: yes
-      become_user: root
-
-    - name: Compile frappe_selinux policy
-      shell: "make -f /usr/share/selinux/devel/Makefile frappe_selinux.pp && semodule -i frappe_selinux.pp"
-      args:
-      chdir: /root/
-      become: yes
-      become_user: root
-      when: "enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"

playbooks/develop/install.yml

@@ -1,25 +0,0 @@
----
-- hosts: localhost
-
-- include_tasks: ../prerequisites/install_prerequisites.yml
-  when: ansible_distribution != 'MacOSX'
-
-- include_tasks: ../prerequisites/install_roles.yml
-  when: ansible_distribution != 'MacOSX'
-
-- include_tasks: macosx.yml
-  when: ansible_distribution == 'MacOSX'
-
-- name: setup bench and dev environment
-  hosts: localhost
-  vars:
-    bench_repo_path: "/home/{{ frappe_user }}/.bench"
-    bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
-  tasks:
-  # setup frappe-bench
-  - include_tasks: includes/setup_bench.yml
-    when: not run_travis and not without_bench_setup
-
-  # setup development environment
-  - include_tasks: includes/setup_dev_env.yml
-    when: not run_travis and not production and (not without_bench_setup and ansible_distribution == 'Ubuntu')

playbooks/develop/templates/mariadb_centos.repo

@@ -1,7 +0,0 @@
-# MariaDB 10.1 CentOS repository list - created 2016-03-18 09:56 UTC
-# http://mariadb.org/mariadb/repositories/
-[mariadb]
-name = MariaDB
-baseurl = http://yum.mariadb.org/10.1/centos{{ ansible_lsb.major_release }}-{{ "amd64" if ansible_architecture == "x86_64" else "x86"}}
-gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
-gpgcheck=1

playbooks/install.py

@@ -13,8 +13,8 @@ def install_bench(args):
 
 	success = run_os_command({
 		'apt-get': [
-			'sudo apt-get update',
+			'sudo apt-get update'
-			'sudo apt-get install -y git build-essential python-setuptools python-dev libffi-dev libssl-dev'
+			# 'sudo apt-get install -y git build-essential python-setuptools python-dev libffi-dev libssl-dev'
 		],
 		'yum': [
 			'sudo yum groupinstall -y "Development tools"',
@@ -93,7 +93,7 @@ def install_bench(args):
 		repo_path = os.path.join(os.path.expanduser('~'), 'bench')
 
 	extra_vars.update(repo_path=repo_path)
-	run_playbook('prerequisites/create_user.yml', extra_vars=extra_vars)
+	run_playbook('create_user.yml', extra_vars=extra_vars)
 
 	extra_vars.update(get_passwords(args))
 	if args.production:
@@ -105,11 +105,12 @@ def install_bench(args):
 	bench_name = 'frappe-bench' if not args.bench_name else args.bench_name
 	extra_vars.update(bench_name=bench_name)
 
-	if args.develop:
+	# Will install ERPNext production setup by default
-		run_playbook('develop/install.yml', sudo=True, extra_vars=extra_vars)
+	run_playbook('site.yml', sudo=True, extra_vars=extra_vars)
 
-	elif args.production:
+	# # Will do changes for production if --production flag is passed
-		run_playbook('production/install.yml', sudo=True, extra_vars=extra_vars)
+	# if args.production:
+	# 	run_playbook('production.yml', sudo=True, extra_vars=extra_vars)
 
 	if os.path.exists(tmp_bench_repo):
 		shutil.rmtree(tmp_bench_repo)
@@ -147,7 +148,7 @@ def install_python27():
 
 	# install python 2.7
 	success = run_os_command({
-		'apt-get': 'sudo apt-get install -y python2.7',
+		'apt-get': 'sudo apt-get install -y python-dev',
 		'yum': 'sudo yum install -y python27',
 		'brew': 'brew install python'
 	})

playbooks/macosx.yml

@@ -22,7 +22,7 @@
         - wkhtmltopdf
 
     - name: configure mariadb
-      include_tasks: ../prerequisites/roles/mariadb/tasks/main.yml
+      include: ../prerequisites/roles/mariadb/tasks/main.yml
       vars:
         mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf
 
@@ -30,9 +30,10 @@
       pip: name=mysql-python version=1.2.5
 
     # setup frappe-bench
-    - include_tasks: includes/setup_bench.yml
+    - include: includes/setup_bench.yml
 
     # setup development environment
-    - include_tasks: includes/setup_dev_env.yml
+    - include: includes/setup_dev_env.yml
       when: not production
 
+...

playbooks/prerequisites/debian.yml

@@ -1,21 +0,0 @@
----
-- name: Setup OpenSSL dependancy
-  pip: name=pyOpenSSL version=16.2.0
-
-- name: install pillow prerequisites for Debian < 8
-  apt: pkg={{ item }} state=present
-  with_items:
-    - libjpeg8-dev
-    - libtiff4-dev
-    - tcl8.5-dev
-    - tk8.5-dev
-  when: ansible_distribution_version | version_compare('8', 'lt')
-
-- name: install pillow prerequisites for Debian >= 8
-  apt: pkg={{ item }} state=present
-  with_items:
-    - libjpeg62-turbo-dev
-    - libtiff5-dev
-    - tcl8.5-dev
-    - tk8.5-dev
-  when: ansible_distribution_version | version_compare('8', 'ge')

playbooks/prerequisites/install_prerequisites.yml

@@ -1,97 +0,0 @@
----
-#- include_tasks: setup_essentials.yml
-
-- name: "Setup prerequisites"
-  hosts: localhost
-  become: yes
-  become_user: root
-  tasks:
-  - name: Install yum packages
-    yum: name={{ item }} state=present
-    with_items:
-      - bzip2-devel
-      - cronie
-      - dnsmasq
-      - freetype-devel
-      - git
-      - htop
-      - lcms2-devel
-      - libjpeg-devel
-      - libtiff-devel
-      - libffi-devel
-      - libwebp-devel
-      - libXext
-      - libXrender
-      - libzip-devel
-      - libffi-devel
-      - ntp
-      - openssl-devel
-      - postfix
-      - python-devel
-      - python-setuptools
-      - python-pip
-      - redis
-      - screen
-      - sudo
-      - tcl-devel
-      - tk-devel
-      - vim
-      - which
-      - xorg-x11-fonts-75dpi
-      - xorg-x11-fonts-Type1
-      - zlib-devel
-      - openssl-devel
-      - openldap-devel
-    when: ansible_os_family == 'RedHat'
-
-  # Prerequisite for Debian and Ubuntu
-  - name: Install apt packages
-    apt: pkg={{ item }} state=present force=yes
-    with_items:
-      - build-essential
-      - software-properties-common
-      - dnsmasq
-      - fontconfig
-      - git
-      - htop
-      - libcrypto++-dev
-      - libfreetype6-dev
-      - liblcms2-dev
-      - libssl-dev
-      - libwebp-dev
-      - libxext6
-      - libxrender1
-      - libxslt1-dev
-      - libxslt1.1
-      - libffi-dev
-      - ntp
-      - postfix
-      - python-dev
-      - python-pip
-      - python-tk
-      - redis-server
-      - screen
-      - vim
-      - xfonts-75dpi
-      - xfonts-base
-      - zlib1g-dev
-      - apt-transport-https
-      - libsasl2-dev
-      - libldap2-dev
-    when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
-
-  - include_tasks: ubuntu.yml
-    when: ansible_distribution == 'Ubuntu'
-
-  - include_tasks: debian.yml
-    when: ansible_distribution == 'Debian'
-
-  # Prerequisite for MACOS
-  - name: install prequisites for macos
-    homebrew: name={{ item }} state=present
-    with_items:
-      - cmake
-      - redis
-      - mariadb
-      - nodejs
-    when: ansible_distribution == 'MacOSX'

playbooks/prerequisites/install_roles.yml

@@ -1,36 +0,0 @@
----
-- name: Apply basic roles, mariadb, wkhtmltopdf, nodejs, nginx, fail2ban and psutil
-  hosts: localhost
-  become: yes
-  become_user: root
-  vars:
-    - mysql_conf_tpl: files/mariadb_config.cnf
-    - nginx_conf_file: files/nginx.conf
-    - mysql_secure_installation: True
-  roles:
-    - { role: locale, tags: "locale" }
-    - { role: swap, tags: "swap", when: production }
-    - { role: logwatch, tags: "logwatch", when: production }
-    - { role: bash_screen_wall, tags: "bash_screen_wall", when: production }
-    - { role: frappe_selinux, tags: "frappe_selinux", when: production }
-    - { role: dns_caching, tags: "dns_caching", when: production }
-    - { role: ntpd, tags: "ntpd", when: production }
-    - { role: mariadb, tags: "mariadb" }
-    - { role: wkhtmltopdf, tags: "wkhtmltopdf" }
-    - { role: nodejs, tags: "nodejs" }
-    - { role: psutil, tags: "psutil" }
-    - { role: supervisor, tags: "supervisor", when: production }
-    - { role: nginx, tags: "nginx", when: production }
-    - { role: fail2ban, tags: "fail2ban" , when: production }
-  tasks:
-    - name: Set hostname
-      hostname: name='{{ hostname }}'
-      when: hostname is defined and production
-
-    - name: Start NTPD
-      service: name=ntpd state=started
-      when: ansible_distribution == 'CentOS' and production
-
-    - name: Start NTPD
-      service: name=ntp state=started
-      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production

playbooks/prerequisites/roles/bash_screen_wall/tasks/main.yml

@@ -1,3 +0,0 @@
----
-- name: Setup bash screen wall
-  copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh

playbooks/prerequisites/roles/locale/defaults/main.yml

@@ -1,2 +0,0 @@
-locale_keymap: us
-locale_lang: en_US.utf8

playbooks/prerequisites/roles/mariadb/meta/main.yml

@@ -1,19 +0,0 @@
----
-galaxy_info:
-  author: "Attila van der Velde"
-  description: "Installs MariaDB"
-  company: "PCextreme B.V."
-  license: "license (MIT, BSD)"
-  min_ansible_version: 1.8
-  platforms:
-    - name: EL
-      versions:
-        - 6
-        - 7
-    - name: Ubuntu
-      versions:
-        - trusty
-  categories:
-    - database:sql
-
-dependencies: []

playbooks/prerequisites/roles/mariadb/tasks/main.yml

@@ -1,31 +0,0 @@
----
-- include_tasks: centos.yml
-  when: ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 6
-
-- include_tasks: ubuntu.yml
-  when: ansible_distribution == 'Ubuntu'
-
-- name: Add configuration
-  template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
-  when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian'
-  notify: restart mysql
-
-- include_tasks: debian.yml
-  when: ansible_distribution == 'Debian'
-
-- name: Add configuration
-  template: src=files/debian_mariadb_config.cnf dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
-  when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian'
-  notify: restart mysql
-
-- name: Start and enable service
-  service: name=mysql state=started enabled=yes
-
-- debug:
-    msg: "{{ mysql_root_password }}"
-
-- include_tasks: mysql_secure_installation.yml
-  when: mysql_root_password is defined
-
-- debug: var=mysql_secure_installation
-  when: mysql_secure_installation and mysql_root_password is defined

playbooks/prerequisites/roles/nginx/.travis.yml

@@ -1,35 +0,0 @@
----
-language: python
-python: "2.7"
-
-env:
-  - SITE=test.yml
-
-before_install:
-  - sudo apt-get update -qq
-  - sudo apt-get install -y curl
-
-install:
-  # Install Ansible.
-  - pip install ansible
-
-  # Add ansible.cfg to pick up roles path.
-  - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
-
-script:
-  # Check the role/playbook's syntax.
-  - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
-
-  # Run the role/playbook with ansible-playbook.
-  - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
-
-  # Run the role/playbook again, checking to make sure it's idempotent.
-  - >
-    ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
-    | grep -q 'changed=0.*failed=0'
-    && (echo 'Idempotence test: pass' && exit 0)
-    || (echo 'Idempotence test: fail' && exit 1)
-
-  # TODO - get the test working. Probably need to add a virtual host.
-  # Request a page via Nginx, to make sure Nginx is running and responds.
-  # - "curl http://localhost/"

playbooks/prerequisites/roles/nginx/templates/nginx.conf.j2

@@ -1,51 +0,0 @@
-user  {{ nginx_user }};
-
-error_log  {{ nginx_error_log }};
-pid        /var/run/nginx.pid;
-
-worker_processes  {{ nginx_worker_processes }};
-
-events {
-    worker_connections  {{ nginx_worker_connections }};
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    server_names_hash_bucket_size 64;
-
-    client_max_body_size {{ nginx_client_max_body_size }};
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  {{ nginx_access_log }};
-
-    sendfile        {{ nginx_sendfile }};
-    tcp_nopush      {{ nginx_tcp_nopush }};
-    tcp_nodelay     {{ nginx_tcp_nodelay }};
-
-    keepalive_timeout  {{ nginx_keepalive_timeout }};
-    keepalive_requests {{ nginx_keepalive_requests }};
-
-    #gzip  on;
-
-{% if nginx_proxy_cache_path %}
-    proxy_cache_path {{ nginx_proxy_cache_path }};
-{% endif %}
-
-{% for upstream in nginx_upstreams %}
-    upstream {{ upstream.name }} {
-{% if upstream.strategy is defined %}
-        {{ upstream.strategy }};
-{% endif %}
-{% for server in upstream.servers %}
-        server {{ server }};
-{% endfor %}
-    }
-{% endfor %}
-
-    include {{ nginx_vhost_path }}/*;
-}

playbooks/prerequisites/roles/swap/defaults/main.yml

@@ -1 +0,0 @@
-swap_size_mb: 1024

playbooks/prerequisites/setup_essentials.yml

@@ -1,48 +0,0 @@
----
-  - name: Setup Essentials
-    hosts: localhost
-    become: yes
-    become_user: root
-
-    tasks:
-      - name: Install the 'Development tools' package group (Redhat)
-        yum: name="@Development tools" state=present
-        when: ansible_os_family == 'RedHat'
-
-      - name: Install EPEL
-        yum: name='epel-release' state=present
-        when: ansible_os_family == 'RedHat'
-
-      - name: Install libselinux-python
-        yum: name={{ item }} state=present
-        with_items:
-          - python-devel
-          - python-setuptools
-          - python-pip
-          - libselinux-python
-        when: ansible_os_family == 'RedHat'
-
-      - name: Add dotdeb apt repository key for Debian < 8
-        apt_key:
-          url: http://www.dotdeb.org/dotdeb.gpg
-          state: present
-        become: yes
-        become_user: root
-        when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')
-
-      - name: Add dotdeb apt repository for redis-server for Debian < 8
-        apt_repository:
-          repo: 'deb http://packages.dotdeb.org wheezy all'
-          state: present
-        become: yes
-        become_user: root
-        when: ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', 'lt')  
-
-      - name: Install python selinux
-        apt: pkg={{ item }} state=present force=yes
-        with_items:
-          - build-essential
-          - python-dev
-          - python-pip
-          - python-selinux
-        when: ansible_os_family == 'Debian' or ansible_os_family == 'Ubuntu'

playbooks/prerequisites/setup_nginx_proxy_jail.yml

@@ -1,2 +0,0 @@
----
-- include_tasks: ../prerequisites/roles/fail2ban/tasks/configure_nginx_jail.yml

playbooks/prerequisites/ubuntu.yml

@@ -1,18 +0,0 @@
----
-- name: install pillow prerequisites for Ubuntu < 14.04
-  apt: pkg={{ item }} state=present force=yes
-  with_items:
-   - libjpeg8-dev
-   - libtiff4-dev
-   - tcl8.5-dev
-   - tk8.5-dev
-  when: ansible_distribution_version | version_compare('14.04', 'lt')
-
-- name: install pillow prerequisites for Ubuntu >= 14.04
-  apt: pkg={{ item }} state=present force=yes
-  with_items:
-   - libjpeg8-dev
-   - libtiff5-dev
-   - tcl8.6-dev
-   - tk8.6-dev
-  when: ansible_distribution_version | version_compare('14.04', 'ge')

playbooks/production/includes/setup_bench_production.yml

@@ -1,90 +0,0 @@
----
-  - hosts: localhost
-    vars:
-      bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
-
-    tasks:
-
-    # In case we are re-running the script, we would like to skip the site creation
-    - name: Check whether a site exists
-      stat: path="{{ bench_path }}/sites/{{ site }}"
-      register: site_folder
-
-    - name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
-      blockinfile:
-        path: /etc/mysql/conf.d/settings.cnf
-        block: |
-          # Import all .cnf files from configuration directory
-          !includedir /etc/mysql/mariadb.conf.d/
-      become: yes
-      become_user: root
-      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
-
-    - name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
-      blockinfile:
-        path: /etc/mysql/mariadb.conf.d/erpnext.cnf
-        block: |
-          [mysqld]
-          pid-file        = /var/run/mysqld/mysqld.pid
-          socket          = /var/run/mysqld/mysqld.sock
-        create: yes
-      become: yes
-      become_user: root
-      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
-
-    - name: restart mysql
-      service: name=mysql state=restarted
-      become: yes
-      become_user: root
-
-    - name: Create new site
-      command: bench new-site {{ site }} --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
-      args:
-        chdir: "{{ bench_path }}"
-      when: not site_folder.stat.exists
-
-    - name: Check ERPNext App exists
-      stat: path="{{ bench_path }}/apps/erpnext"
-      register: app
-
-    # In case we are re-running the script, we would like to skip getting ERPNext App
-    - name: Get-app erpnext app
-      command: bench get-app erpnext https://github.com/frappe/erpnext.git --branch {{ branch }}
-      args:
-        chdir: '{{ bench_path }}'
-      when: not app.stat.exists
-
-    - name: Install erpnext app
-      command: bench --site {{ site }} install-app erpnext
-      args:
-        chdir: '{{ bench_path }}'
-
-    - name: Change permissions for frappe home folder
-      become: yes
-      become_user: root
-      file:
-        dest: '/home/{{ frappe_user }}'
-        owner: '{{ frappe_user }}'
-        group: '{{ frappe_user }}'
-        mode: 0755
-        recurse: yes
-        state: directory
-
-    - name: Setup production
-      become: yes
-      become_user: root
-      command: bench setup production {{ frappe_user }}
-      args:
-        chdir: '{{ bench_path }}'
-
-    - name: Setup Sudoers
-      become: yes
-      become_user: root
-      command: bench setup sudoers {{ frappe_user }}
-      args:
-        chdir: '{{ bench_path }}'
-
-    - name: Restart the bench
-      command: bench restart
-      args:
-        chdir: '{{ bench_path }}'

playbooks/production/includes/setup_inputrc.yml

@@ -1,12 +0,0 @@
----
-- hosts: localhost
-  tasks:
-  - name: insert/update inputrc for history
-    blockinfile:
-      dest: "/home/{{ frappe_user }}/.inputrc"
-      create: yes
-      block: |
-        ## arrow up
-        "\e[A":history-search-backward
-        ## arrow down
-        "\e[B":history-search-forward

playbooks/production/includes/setup_prod_env.yml

@@ -1,94 +0,0 @@
----
-- hosts: localhost
-
-  tasks:
-
-  ####################################################
-  # Replace default nginx config with nginx template
-  - name: Rename default nginx.conf to nginx.conf.old
-    command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old
-    become: yes
-    become_user: root
-
-  - name: Copy the nginx_config template
-    template:
-      src: ../templates/default_nginx.j2
-      dest: /etc/nginx/nginx.conf
-    become: yes
-    become_user: root
-
-  - name: Reload the nginx service
-    service:
-      name: nginx
-      state: restarted
-    become: yes
-    become_user: root
-
-  ######################################################
-  # Set InnoDB Buffer Pool size to half of total RAM
-  - name: Set InnoDB buffer pool
-    lineinfile: >
-      dest=/etc/my.cnf.d/frappe.cnf
-      regexp="^\[mysqld\]$"
-      line="[mysqld]\ninnodb_buffer_pool_size={{ (ansible_memtotal_mb/2)|round|int }}M"
-      state=present
-    when: ansible_distribution == 'CentOS'
-    become: yes
-    become_user: root
-
-  - name: Set InnoDB buffer pool
-    lineinfile: >
-      dest=/etc/mysql/conf.d/frappe.cnf
-      regexp="^\[mysqld\]$"
-      line="[mysqld]\ninnodb_buffer_pool_size={{ (ansible_memtotal_mb/2)|round|int }}M"
-      state=present
-    when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
-    become: yes
-    become_user: root
-
-  ####################################################
-  # Enable nginx, mysql, redis and supevisord services
-  - name: Enable nginx, mysql, and redis
-    service:
-      name: '{{ item }}'
-      enabled: yes
-    with_items:
-      - nginx
-      - mysql
-    become: yes
-    become_user: root
-
-  - name: Enable redis.service on centos
-    service:
-      name: redis
-      enabled: yes
-    become: yes
-    become_user: root
-    when: ansible_distribution == 'CentOS'
-
-  - name: Enable redis-server.service on ubuntu
-    service:
-      name: redis-server
-      enabled: yes
-    become: yes
-    become_user: root
-    when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
-
-  - name: Check whether default supervisor.conf exists
-    service:
-      name: supervisord
-      state: started
-      enabled: yes
-    become: yes
-    become_user: root
-    when: ansible_distribution == 'CentOS'
-
-  - name: Check whether default supervisor.conf exists
-    service:
-      name: supervisor
-      state: started
-      enabled: yes
-    become: yes
-    become_user: root
-    when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
-

playbooks/production/install.yml

@@ -1,9 +0,0 @@
----
-  # Install the common pre-requisites for the setting up bench
-  - include_tasks: ../develop/install.yml
-
-  - include_tasks: includes/setup_inputrc.yml
-
-  # Setup Bench for production environment
-  - include_tasks: includes/setup_bench_production.yml
-    when: not run_travis

playbooks/roles/bash_screen_wall/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- name: Setup bash screen wall
+  copy: src=screen_wall.sh dest=/etc/profile.d/screen_wall.sh
+...

playbooks/roles/bench/tasks/change_ssh_port.yml

@@ -1,3 +1,4 @@
+---
 - name: Change ssh port
   gather_facts: false
   hosts: localhost
@@ -16,4 +17,4 @@
     - name: Change ansible ssh port to 2332
       set_fact:
         ansible_ssh_port: '{{ ssh_port }}'
-
+...

playbooks/roles/bench/tasks/main.yml

@@ -46,3 +46,15 @@
     args:
       creates: "{{ bench_path }}/apps/frappe"
       chdir: "{{ bench_path }}"
+
+  - include_tasks: setup_dev_env.yml
+    when: not run_travis and not production and (not without_bench_setup and ansible_distribution == 'Ubuntu')
+
+  - include_tasks: setup_inputrc.yml
+
+  # Setup Bench for production environment
+  - include_tasks: setup_bench_production.yml
+    vars:
+      bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
+    when: not run_travis and production
+...

playbooks/roles/bench/tasks/setup_bench_production.yml

@@ -0,0 +1,58 @@
+---
+# In case we are re-running the script, we would like to skip the site creation
+- name: Check whether a site exists
+  stat: path="{{ bench_path }}/sites/{{ site }}"
+  register: site_folder
+
+- name: Create new site
+  command: bench new-site {{ site }} --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
+  args:
+    chdir: "{{ bench_path }}"
+  when: not site_folder.stat.exists
+
+- name: Check ERPNext App exists
+  stat: path="{{ bench_path }}/apps/erpnext"
+  register: app
+
+# In case we are re-running the script, we would like to skip getting ERPNext App
+- name: Get-app erpnext app
+  command: bench get-app erpnext https://github.com/frappe/erpnext.git --branch {{ branch }}
+  args:
+    chdir: '{{ bench_path }}'
+  when: not app.stat.exists
+
+- name: Install erpnext app
+  command: bench --site {{ site }} install-app erpnext
+  args:
+    chdir: '{{ bench_path }}'
+
+- name: Change permissions for frappe home folder
+  become: yes
+  become_user: root
+  file:
+    dest: '/home/{{ frappe_user }}'
+    owner: '{{ frappe_user }}'
+    group: '{{ frappe_user }}'
+    mode: 0755
+    recurse: yes
+    state: directory
+
+- name: Setup production
+  become: yes
+  become_user: root
+  command: bench setup production {{ frappe_user }}
+  args:
+    chdir: '{{ bench_path }}'
+
+- name: Setup Sudoers
+  become: yes
+  become_user: root
+  command: bench setup sudoers {{ frappe_user }}
+  args:
+    chdir: '{{ bench_path }}'
+
+- name: Restart the bench
+  command: bench restart
+  args:
+    chdir: '{{ bench_path }}'
+...

playbooks/roles/bench/tasks/setup_dev_env.yml

@@ -1,5 +1,4 @@
 ---
-
  # Setup Procfile
  - name: setup procfile
    command: bench setup procfile
@@ -17,4 +16,6 @@
 
 
  # Setup an ERPNext site called site1.local
- - include_tasks: includes/setup_erpnext.yml
+ - include_tasks: setup_erpnext.yml
+   hosts: localhost
+...

playbooks/roles/bench/tasks/setup_erpnext.yml

@@ -0,0 +1,28 @@
+---
+  - name: Check if ERPNext App exists
+    stat: path="{{ bench_path }}/apps/erpnext"
+    register: app
+
+  - name: get erpnext
+    command: bench get-app erpnext https://github.com/frappe/erpnext --branch {{ branch }}
+    args:
+      creates: "{{ bench_path }}/apps/erpnext"
+      chdir: "{{ bench_path }}"
+    when: not app.stat.exists
+
+  - name: Check whether a site called site1.local exists
+    stat: path="{{ bench_path }}/sites/site1.local"
+    register: site_folder
+
+  - name: create a new default site 
+    command: bench new-site site1.local --admin-password {{ admin_password }} --mariadb-root-password {{ mysql_root_password }}
+    args:
+      chdir: "{{ bench_path }}"
+    when: not site_folder.stat.exists
+
+  - name: install erpnext to default site
+    command: bench --site site1.local install-app erpnext
+    args:
+      chdir: "{{ bench_path }}"
+
+...

playbooks/roles/bench/tasks/setup_firewall.yml

@@ -1,3 +1,4 @@
+---
 - name: Setup Firewall
   user: root
   hosts: localhost
@@ -47,4 +48,4 @@
         - 443
         - "{{ ssh_port }}"
       when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
-
+...

playbooks/roles/bench/tasks/setup_inputrc.yml

@@ -0,0 +1,11 @@
+---
+- name: insert/update inputrc for history
+  blockinfile:
+    dest: "/home/{{ frappe_user }}/.inputrc"
+    create: yes
+    block: |
+      ## arrow up
+      "\e[A":history-search-backward
+      ## arrow down
+      "\e[B":history-search-forward
+...

playbooks/roles/common/tasks/debian.yml

@@ -0,0 +1,56 @@
+---
+
+- name: Install prerequisites using apt-get
+  become: yes
+  become_user: root
+  apt: pkg={{ item }} state=present force=yes
+  with_items:
+    - dnsmasq
+    - fontconfig
+    - git                     # Version control
+    - htop                    # Server stats
+    - libcrypto++-dev
+    - libfreetype6-dev
+    - liblcms2-dev
+    - libssl-dev
+    - libwebp-dev
+    - libxext6
+    - libxrender1
+    - libxslt1-dev
+    - libxslt1.1
+    - libffi-dev
+    - ntp                     # Clock synchronization
+    - postfix                 # Mail Server
+    - python-dev              # Installing python developer suite 
+    - python3-dev
+    - python-tk               # Why !?
+    - screen
+    - vim
+    - xfonts-75dpi
+    - xfonts-base
+    - zlib1g-dev
+    - apt-transport-https
+    - libsasl2-dev
+    - libldap2-dev
+
+- name: Install pillow prerequisites for Debian < 8 and Ubuntu < 14.04
+  apt: pkg={{ item }} state=present force=yes
+  with_items:
+   - libjpeg8-dev
+   - libtiff4-dev
+   - tcl8.5-dev
+   - tk8.5-dev
+  when: (ansible_distribution == "Debian" and ansible_distribution_major_version < "8") or
+        (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "14")
+
+- name: Install pillow prerequisites for Debian >= 8 and Ubuntu >= 14.04
+  apt: pkg={{ item }} state=present force=yes
+  with_items:
+   - libjpeg8-dev
+   - libtiff5-dev
+   - tcl8.6-dev
+   - tk8.6-dev
+  when: (ansible_distribution == "Debian" and ansible_distribution_major_version >= "8") or
+        (ansible_distribution == "Ubuntu" and ansible_distribution_major_version >= "16")
+
+...

playbooks/roles/common/tasks/macos.yml

@@ -0,0 +1,37 @@
+---
+
+- hosts: localhost
+  become: yes
+  become_user: root
+  vars:
+    bench_repo_path: "/Users/{{ ansible_user_id }}/.bench"
+    bench_path: "/Users/{{ ansible_user_id }}/frappe-bench"
+  tasks:
+    # install pre-requisites
+    - name: install prequisites
+      homebrew: name={{ item }} state=present
+      with_items:
+        - cmake
+        - redis
+        - mariadb
+        - nodejs
+
+    # install wkhtmltopdf
+    - name: cask installs
+      homebrew_cask: name={{ item }} state=present
+      with_items:
+        - wkhtmltopdf
+
+    - name: configure mariadb
+      include_tasks: ../prerequisites/roles/mariadb/tasks/main.yml
+      vars:
+        mysql_conf_tpl: ../prerequisites/files/mariadb_config.cnf
+
+    # setup frappe-bench
+    - include_tasks: includes/setup_bench.yml
+
+    # setup development environment
+    - include_tasks: includes/setup_dev_env.yml
+      when: not production
+
+...

playbooks/roles/common/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+# Install's prerequisites, like fonts, image libraries, vim, screen, python-dev and gcc 
+
+- include_tasks: debian.yml
+  when: ansible_os_family == 'Debian'
+...

playbooks/roles/common/tasks/redhat.yml

@@ -0,0 +1,44 @@
+---
+
+- name: "Setup prerequisites"
+  become: yes
+  become_user: root
+  tasks:
+  - name: Install yum packages
+    yum: name={{ item }} state=present
+    with_items:
+      - bzip2-devel
+      - cronie
+      - dnsmasq
+      - freetype-devel
+      - git
+      - htop
+      - lcms2-devel
+      - libjpeg-devel
+      - libtiff-devel
+      - libffi-devel
+      - libwebp-devel
+      - libXext
+      - libXrender
+      - libzip-devel
+      - libffi-devel
+      - ntp
+      - openssl-devel
+      - postfix
+      - python-devel
+      - python-setuptools
+      - python-pip
+      - redis
+      - screen
+      - sudo
+      - tcl-devel
+      - tk-devel
+      - vim
+      - which
+      - xorg-x11-fonts-75dpi
+      - xorg-x11-fonts-Type1
+      - zlib-devel
+      - openssl-devel
+      - openldap-devel
+
+...

playbooks/roles/dns_caching/handlers/main.yml

@@ -1,3 +1,4 @@
 ---
-- name: restart network manager
+- name: Restart network manager
   service: name=NetworkManager state=restarted
+...

playbooks/roles/dns_caching/tasks/main.yml

@@ -1,14 +1,14 @@
 ---
-- name: check NetworkManager.conf exists
+- name: Check NetworkManager.conf exists
   stat:
     path: /etc/NetworkManager/NetworkManager.conf
   register: result
 
-- name: unmask NetworkManager service
+- name: Unmask NetworkManager service
   command: systemctl unmask NetworkManager
   when: result.stat.exists
 
-- name: add dnsmasq to network config
+- name: Add dnsmasq to network config
   lineinfile: >
     dest=/etc/NetworkManager/NetworkManager.conf
     regexp="dns="
@@ -17,4 +17,4 @@
   when: result.stat.exists
   notify:
   - restart network manager
-
+...

playbooks/roles/frappe_selinux/tasks/main.yml

@@ -6,13 +6,6 @@
     - selinux-policy-devel
   when: ansible_distribution == 'CentOS'
 
-# - name: Install SELinux for Ubuntu
-#   apt: name={{ item }} state=present
-#   with_items:
-#    - selinux
-#    - selinux-policy-dev
-#   when: ansible_distribution == 'Ubuntu'
-
 - name: Check enabled SELinux modules
   shell: semanage module -l
   register: enabled_modules
@@ -28,4 +21,4 @@
   args:
     chdir: /root/
   when: "ansible_distribution == 'CentOS' and enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"
-
+...

playbooks/roles/locale/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+locale_keymap: us
+locale_lang: en_US.utf8
+...

playbooks/roles/locale/tasks/main.yml

@@ -6,11 +6,11 @@
 
 - name: Set Locale
   command: "localectl set-locale LANG={{ locale_lang }}"
-  when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG={{ locale_lang }}') == -1
+  when: (ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('LANG=locale_lang') == -1
 
 - name: Set keymap
   command: "localectl set-keymap {{ locale_keymap }}"
-  when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap: {{locale_keymap}}') == -1"
+  when: "(ansible_distribution == 'Centos' or ansible_distribution == 'Ubuntu') and locale_test.stdout.find('Keymap:locale_keymap') == -1"
 
 - name: Set Locale as en_US
   lineinfile: dest=/etc/environment backup=yes line="{{ item }}"
@@ -18,3 +18,4 @@
     - "LC_ALL=en_US.UTF-8"
     - "LC_CTYPE=en_US.UTF-8"
     - "LANG=en_US.UTF-8"
+...

playbooks/roles/logwatch/defaults/main.yml

@@ -1,3 +1,4 @@
 ---
 logwatch_emails: "{{ admin_emails }}"
 logwatch_detail: High
+...

playbooks/roles/logwatch/tasks/main.yml

@@ -10,3 +10,4 @@
 - name: Copy logwatch config
   template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes
   when: admin_emails is defined
+...

playbooks/roles/mariadb/defaults/main.yml

@@ -5,3 +5,4 @@ mysql_conf_tpl: change_me
 mysql_conf_file: settings.cnf
 
 mysql_secure_installation: false
+...

playbooks/roles/mariadb/handlers/main.yml

@@ -1,3 +1,4 @@
 ---
 - name: restart mysql
   service: name=mysql state=restarted
+...

playbooks/roles/mariadb/tasks/centos.yml

@@ -6,7 +6,4 @@
   yum: name={{ item }} enablerepo=mariadb state=present
   with_items:
     - MariaDB-server
-    - MariaDB-client
+...
-    - MySQL-python
-    - MariaDB-devel
-

playbooks/roles/mariadb/tasks/debian.yml

@@ -28,3 +28,4 @@
     - mariadb-common
     - libmariadbclient18
     - python-mysqldb
+...

playbooks/roles/mariadb/tasks/main.yml

@@ -0,0 +1,54 @@
+---
+- include_tasks: centos.yml
+  when: ansible_distribution == 'CentOS'
+
+- include_tasks: ubuntu.yml
+  when: ansible_distribution == 'Ubuntu'
+
+- name: Add configuration
+  template: src={{ mysql_conf_tpl }} dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
+  when: mysql_conf_tpl != 'change_me' and ansible_distribution != 'Debian'
+  notify: restart mysql
+
+- include_tasks: debian.yml
+  when: ansible_distribution == 'Debian'
+
+- name: Add configuration
+  template: src=debian_mariadb_config.cnf dest={{ mysql_conf_dir[ansible_distribution] }}/{{ mysql_conf_file }} owner=root group=root mode=0644
+  when: mysql_conf_tpl != 'change_me' and ansible_distribution == 'Debian'
+  notify: restart mysql
+
+- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
+  blockinfile:
+    path: /etc/mysql/conf.d/settings.cnf
+    block: |
+      # Import all .cnf files from configuration directory
+      !includedir /etc/mysql/mariadb.conf.d/
+  become: yes
+  become_user: root
+  when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
+
+- name: Add additional conf for MariaDB 10.2 in mariadb.conf.d
+  blockinfile:
+    path: /etc/mysql/mariadb.conf.d/erpnext.cnf
+    block: |
+      [mysqld]
+      pid-file        = /var/run/mysqld/mysqld.pid
+      socket          = /var/run/mysqld/mysqld.sock
+    create: yes
+  become: yes
+  become_user: root
+  when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
+
+- name: Start and enable service
+  service: name=mysql state=started enabled=yes
+
+- debug:
+    msg: "{{ mysql_root_password }}"
+
+- include_tasks: mysql_secure_installation.yml
+  when: mysql_root_password is defined
+
+- debug: var=mysql_secure_installation
+  when: mysql_secure_installation and mysql_root_password is defined
+...

playbooks/roles/mariadb/tasks/mysql_secure_installation.yml

@@ -80,3 +80,4 @@
 - name: start mysql mac
   command: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.mariadb.plist
   when: ansible_distribution == 'MacOSX'
+...

playbooks/roles/mariadb/tasks/ubuntu.yml

@@ -25,7 +25,5 @@
   apt: pkg={{ item }} state=present
   with_items:
     - mariadb-server
-    - mariadb-client
+    - python-mysqldb # required to set the MySQL password using ansible
-    - mariadb-common
+...
-    - libmariadbclient18
-    - python-mysqldb

playbooks/roles/mariadb/vars/main.yml

@@ -4,3 +4,6 @@ mysql_conf_dir:
   "Ubuntu": /etc/mysql/conf.d
   "Debian": /etc/mysql/conf.d
   "MacOSX": /usr/local/etc/my.cnf.d
+mysql_conf_tpl: files/mariadb_config.cnf
+mysql_secure_installation: True
+...

playbooks/roles/nginx/tasks/main.yml

@@ -48,3 +48,4 @@
   service: name=nginx state=started enabled=yes
 
 - include_tasks: vhosts.yml
+...

playbooks/roles/ntpd/tasks/main.yml

@@ -6,7 +6,7 @@
     - ntpdate
   when: ansible_distribution == 'CentOS'
 
-- name: enable ntpd
+- name: Enable ntpd
   service: name=ntpd enabled=yes state=started
   when: ansible_distribution == 'CentOS'
 
@@ -17,7 +17,7 @@
     - ntpdate
   when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
 
-- name: enable ntpd
+- name: Enable ntpd
   service: name=ntp enabled=yes state=started
   when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
-
+...

playbooks/roles/redis/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+  - name: Install yum packages
+    yum: name={{ item }} state=present
+    with_items:
+      - redis
+    when: ansible_os_family == 'RedHat'
+
+  # Prerequisite for Debian and Ubuntu
+  - name: Install apt packages
+    apt: pkg={{ item }} state=present force=yes
+    with_items:
+      - redis-server
+    when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+  # Prerequisite for MACOS
+  - name: install prequisites for macos
+    homebrew: name={{ item }} state=present
+    with_items:
+      - redis
+    when: ansible_distribution == 'MacOSX'
+...

playbooks/roles/swap/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+swap_size_mb: 1024
+...

playbooks/roles/wkhtmltopdf/tasks/main.yml

@@ -35,3 +35,4 @@
   file: path=/usr/local/bin/wkhtmltopdf mode="o+x"
   become: true
   become_user: root
+...

playbooks/site.yml

@@ -0,0 +1,48 @@
+---
+# This is the master playbook that deploys the whole Frappe and ERPNext stack
+
+- hosts: localhost
+  become: yes
+  become_user: root
+  roles:
+    - common
+    - { role: locale,            tags: "locale"                             }
+    - { role: swap,              tags: "swap",             when: production }
+    - { role: logwatch,          tags: "logwatch",         when: production }
+    - { role: bash_screen_wall,  tags: "bash_screen_wall", when: production }
+    - { role: frappe_selinux,    tags: "frappe_selinux",   when: production }
+    - { role: dns_caching,       tags: "dns_caching",      when: production }
+    - { role: ntpd,              tags: "ntpd",             when: production }
+    - { role: mariadb,           tags: "mariadb"                            }
+    - { role: wkhtmltopdf,       tags: "wkhtmltopdf"                        }
+    - { role: nodejs,            tags: "nodejs"                             }
+    - { role: psutil,            tags: "psutil"                             }
+    - { role: redis,             tags: "redis"                              }
+    - { role: supervisor,        tags: "supervisor",       when: production }
+    - { role: nginx,             tags: "nginx",            when: production }
+    - { role: fail2ban,          tags: "fail2ban",         when: production }
+  tasks:
+    - name: Set hostname
+      hostname: name='{{ hostname }}'
+      when: hostname is defined and production
+
+    - name: Start NTPD
+      service: name=ntpd state=started
+      when: ansible_distribution == 'CentOS' and production
+
+    - name: Start NTPD
+      service: name=ntp state=started
+      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' and production
+
+    - include_tasks: macosx.yml
+      when: ansible_distribution == 'MacOSX'
+
+- name: setup bench and dev environment
+  hosts: localhost
+  vars:
+    bench_repo_path: "/home/{{ frappe_user }}/.bench"
+    bench_path: "/home/{{ frappe_user }}/{{ bench_name }}"
+  roles:
+  # setup frappe-bench
+    - { role: bench, tags: "bench", when: not run_travis and not without_bench_setup }
+...