Skip to content
This repository has been archived by the owner on Aug 28, 2024. It is now read-only.

Commit

Permalink
Bucket of old changes
Browse files Browse the repository at this point in the history
  • Loading branch information
symroe committed Mar 29, 2022
1 parent b5a86c7 commit 8604d6e
Show file tree
Hide file tree
Showing 14 changed files with 123 additions and 154 deletions.
4 changes: 2 additions & 2 deletions ansible.cfg
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[defaults]
hostfile = hosts
inventory = ./hosts
vault_password_file=.vault_pass.txt
host_key_checking = False
[ssh_connection]
pipelining = True

35 changes: 25 additions & 10 deletions deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@
notify:
- restart web frontend
register: application_config
become_user: root
become: true

- name: Upgrade the virtualenv.
pip:
Expand All @@ -42,22 +44,22 @@
virtualenv: "{{ project_root }}/env"
when: (application_git_repo.changed) or (application_config.changed)

- name: Install packages based on package.json.
npm:
path: "{{ project_root }}/code"

- name: Build NPM assets
command: npm run build
args:
chdir: "{{ project_root }}/code"

- name: Generate Django media.
django_manage:
command: collectstatic --noinput
app_path: "{{ project_root }}/code"
virtualenv: "{{ project_root }}/env"
when: (application_git_repo.changed) or (application_config.changed)

- name: Compile all translations from .po files into .mo files
django_manage:
command: compilemessages
app_path: "{{ project_root }}/code"
virtualenv: "{{ project_root }}/env"
notify:
- restart web frontend
when: (application_git_repo.changed) or (application_config.changed)

- name: Install rsyslog configuration files
template:
src: files/conf/rsyslog.conf
Expand All @@ -66,5 +68,18 @@
notify:
- restart rsyslog

- name: Check django is working
django_manage:
command: check
app_path: "{{ project_root }}/code"
virtualenv: "{{ project_root }}/env"

- name: Flush handlers
meta: flush_handlers

- name: Check gunicorn is up
command: service ynr_gunicorn status
args:
warn: false

- include: crontab.yml
- import_playbook: crontab.yml
File renamed without changes.
7 changes: 1 addition & 6 deletions hosts
Original file line number Diff line number Diff line change
@@ -1,13 +1,8 @@
[remote:children]
production
staging

[servers:children]
production
staging

[staging]
DC_prod deploy_env=staging domain=stage.candidates.democracyclub.org.uk app_branch=staging

[production]
YNR_Prod deploy_env=production domain=candidates.democracyclub.org.uk app_branch=master
YNR_Prod_2020 deploy_env=production domain=candidates.democracyclub.org.uk app_branch=master
12 changes: 2 additions & 10 deletions provision.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,20 +5,12 @@
- provision
- s3_cmd
- harden
- opencv
- users
# - { role: backup_ynr, when: "deploy_env == 'production'" }
# - { role: restore_from_ynr_backup, when: "deploy_env == 'staging'" }
vars_files:
- vars.yml
- vault.yml
gather_facts: false
gather_facts: true
become: true
pre_tasks:
- name: Install python for Ansible
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
register: output
changed_when: 'output.stdout != ""'
- name: setup
setup: filter=ansible_*
- include: deploy.yml
- import_playbook: deploy.yml
5 changes: 1 addition & 4 deletions requirements.txt
Original file line number Diff line number Diff line change
@@ -1,13 +1,10 @@
ansible==2.2.2.0
ansible==2.10.1
appdirs==1.4.3
asn1crypto==0.22.0
cffi==1.10.0
cryptography==1.8.1
enum34==1.1.6
idna==2.5
ipaddress==1.0.18
Jinja2==2.9.6
MarkupSafe==1.0
packaging==16.8
paramiko>=2.1.6
pyasn1==0.2.3
Expand Down
9 changes: 6 additions & 3 deletions roles/common/handlers/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,15 +8,18 @@
become: true

- name: restart web frontend
action: service name={{ project_name }}_gunicorn state=restarted
systemd:
state: restarted
daemon_reload: yes
name: "{{ project_name }}_gunicorn"
become: true
become_user: root

- name: reload systemd
sudo: yes
become: true
command: systemctl daemon-reload

- name: restart rsyslog
service: name=rsyslog state=restarted
become: True
become: true
become_user: root
4 changes: 2 additions & 2 deletions roles/harden/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
# fail2ban
- name: install fail2ban
apt: pkg=fail2ban state=installed
apt: pkg=fail2ban state=latest
tags: package

- name: configure fail2ban local jails
Expand All @@ -15,7 +15,7 @@

# UFW
- name: install UFW
apt: pkg=ufw state=installed
apt: pkg=ufw state=latest
tags: package

- ufw:
Expand Down
64 changes: 0 additions & 64 deletions roles/opencv/tasks/main.yml

This file was deleted.

27 changes: 22 additions & 5 deletions roles/provision/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
- name: Install required system packages.
apt:
pkg: "{{ item }}"
state: installed
state: latest
update-cache: yes
cache_valid_time: 43200
with_items: "{{ system_packages }}"
Expand Down Expand Up @@ -60,7 +60,6 @@
pip:
name: "gunicorn"
virtualenv: "{{ project_root }}/env/"
virtualenv_python: "python3.5"
become_user: "{{ project_name }}"

- name: Install python2 psycopg2
Expand All @@ -80,14 +79,28 @@
dest: "{{ project_root }}/.htpasswd"
notify: restart nginx

- name: Install nginx configuration file.
template: src=files/conf/nginx.conf dest=/etc/nginx/sites-enabled/{{ project_name }}
# - name: Install nginx configuration file.
# template: src=files/conf/nginx.conf dest=/etc/nginx/nginx.conf
# notify: restart nginx

- name: Install nginx app configuration file.
template: src=files/conf/nginx_ynr.conf dest=/etc/nginx/sites-enabled/{{ project_name }}
notify: restart nginx

- name: Install nginx refirects file.
template: src=files/conf/nginx_redirects.conf dest=/etc/nginx/{{ project_name }}_redirects.conf
notify: restart nginx

- name: Increase map_hash_bucket_size
lineinfile:
dest: /etc/nginx/nginx.conf
insertafter: "sendfile on;"
line: "\tmap_hash_bucket_size 512;"
state: present
backup: yes
notify: restart nginx


- name: Remove default nginx config
file:
state: absent
Expand All @@ -97,12 +110,16 @@
template: src=files/conf/mime.types dest=/etc/nginx/mime.types
notify: "restart nginx"

- name: Validate Nginx config
become: yes
command: nginx -t
changed_when: false

- name: Install systemd init scripts.
template:
src: files/systemd/{{ item }}.service
dest: /etc/systemd/system/{{ project_name }}_{{ item }}.service
with_items: "{{ initfiles }}"
when: ansible_distribution_version == "16.04"
notify:
- reload systemd
- "restart web frontend"
6 changes: 2 additions & 4 deletions roles/s3_cmd/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,11 @@
- name: install s3cmd
apt:
pkg: s3cmd
state: installed
state: latest
tags: package

- name: configure s3cmd
sudo: true
become: true
template: >
src=s3cmd.conf
dest={{project_root}}/home/.s3cfg
4 changes: 2 additions & 2 deletions vars.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,15 +37,15 @@ system_packages:
- libxslt-dev
- libyaml-dev
- memcached
- npm
- nginx
- opencv-data
- postfix
- postgis
- python-is-python3
- python3-dev
- python3-pip
- python3-psycopg2
- python3-setuptools
- python3-virtualenv
- redis-server
- s3cmd
- yui-compressor
Expand Down
Loading

0 comments on commit 8604d6e

Please sign in to comment.