From 33d774697fe603a825c5fccf36b987ca7bbab24e Mon Sep 17 00:00:00 2001
From: Bart Geesink
Date: Tue, 7 May 2024 12:13:28 +0200
Subject: [PATCH] Lifecycle: Move to docker
---
roles/lifecycle/defaults/main.yml | 23 --
roles/lifecycle/handlers/main.yml | 6 +
roles/lifecycle/tasks/install-branch.yml | 45 ----
roles/lifecycle/tasks/install-release.yml | 32 ---
roles/lifecycle/tasks/main.yml | 141 ++++------
.../templates/lifecycle-pool-72.conf.j2 | 225 ------------------
roles/lifecycle/templates/lifecycle.conf.j2 | 35 ---
roles/lifecycle/templates/makeRelease.sh.j2 | 92 -------
roles/lifecycle/templates/parameters.yml.j2 | 3 +
roles/lifecycle/vars/main.yml | 13 +
10 files changed, 72 insertions(+), 543 deletions(-)
delete mode 100644 roles/lifecycle/defaults/main.yml
create mode 100644 roles/lifecycle/handlers/main.yml
delete mode 100644 roles/lifecycle/tasks/install-branch.yml
delete mode 100644 roles/lifecycle/tasks/install-release.yml
delete mode 100644 roles/lifecycle/templates/lifecycle-pool-72.conf.j2
delete mode 100644 roles/lifecycle/templates/lifecycle.conf.j2
delete mode 100644 roles/lifecycle/templates/makeRelease.sh.j2
create mode 100644 roles/lifecycle/vars/main.yml
diff --git a/roles/lifecycle/defaults/main.yml b/roles/lifecycle/defaults/main.yml
deleted file mode 100644
index b22afc29e..000000000
--- a/roles/lifecycle/defaults/main.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-#
-lifecycle_version: ''
-# Lifecycle installer specific variables
-lifecycle_version_dir: "{{ lifecycle_version | replace('/', '-') }}"
-lifecycle_branch_dir: "{{ openconext_builds_dir }}/OpenConext-user-lifecycle-{{ lifecycle_branch | replace('/', '-') }}"
-lifecycle_release_dir: "{{ openconext_releases_dir }}/OpenConext-user-lifecycle-{{ lifecycle_version_dir }}"
-lifecycle_build_path: "{{ openconext_builds_dir }}/OpenConext-user-lifecycle-{{ lifecycle_version_dir }}.tar.gz"
-lifecycle_download_url: "https://github.com/OpenConext/OpenConext-user-lifecycle/releases/download/{{ lifecycle_version }}/OpenConext-user-lifecycle-{{ lifecycle_version_dir }}.tar.gz"
-lifecycle_current_release_symlink: "{{ openconext_releases_dir }}/OpenConext-user-lifecycle"
-
-lifecycle_user: lifecycle
-lifecycle_data_dir: /opt/openconext/OpenConext-lifecycle
-lifecycle_symfony_env: prod
-lifecycle_apache_symfony_environment: prod
-lifecycle_eb_logins_db: eb_logins
-lifecycle_db_host: localhost
-lifecycle_user_quota: 1500
-lifecycle_inactivity_period: 37
-lifecycle_api_enabled: true
-lifecycle_api_password: secret
-lifecycle_api_username: lifecycle
-
diff --git a/roles/lifecycle/handlers/main.yml b/roles/lifecycle/handlers/main.yml
new file mode 100644
index 000000000..8c65fdb80
--- /dev/null
+++ b/roles/lifecycle/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart lifecycle
+ community.docker.docker_container:
+ name: lifecycle
+ state: started
+ restart: true
diff --git a/roles/lifecycle/tasks/install-branch.yml b/roles/lifecycle/tasks/install-branch.yml
deleted file mode 100644
index c3c7dfaca..000000000
--- a/roles/lifecycle/tasks/install-branch.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-- name: Check if target dir exists
- stat:
- path: "{{ lifecycle_release_dir }}"
- register: lifecycle_dir
-
-- name: Create build dir
- file:
- path: "{{ lifecycle_branch_dir }}"
- state: directory
-
- #- name: Checkout lifecycle branch
- #git:
- # repo: https://github.com/OpenConext/OpenConext-lifecycle-user.git
- # dest: "{{ lifecycle_branch_dir }}"
- # version: "{{ lifecycle_branch }}"
- # force: yes
- #register: lifecycle_gitclone
-- name: Copy makerelease.sh
- template:
- src: "makeRelease.sh.j2"
- dest: "{{lifecycle_branch_dir}}/makeRelease.sh"
- mode: 0770
-
-- name: Make release
- command: "./makeRelease.sh {{ lifecycle_branch }}"
- environment:
- HOME: "{{ openconext_builds_dir }}"
- args:
- chdir: "{{ lifecycle_branch_dir }}"
-
-- name: Unpack current version
- unarchive:
- src: "{{ openconext_builds_dir }}/Releases/OpenConext-user-lifecycle-{{ lifecycle_branch | replace('/', '_') }}.tar.gz"
- dest: "{{ openconext_releases_dir }}"
- copy: no
-
-- name: Activate new lifecycle branch
- file:
- src: "{{ openconext_releases_dir }}/OpenConext-user-lifecycle-{{ lifecycle_branch | replace('/', '_') }}"
- dest: "{{ lifecycle_current_release_symlink }}"
- state: link
- notify:
- - "restart httpd"
- - "restart php72-fpm"
diff --git a/roles/lifecycle/tasks/install-release.yml b/roles/lifecycle/tasks/install-release.yml
deleted file mode 100644
index cd6820db6..000000000
--- a/roles/lifecycle/tasks/install-release.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-- name: Check if target dir exists
- stat:
- path: "{{ lifecycle_current_release_symlink }}"
- follow: no
- register: lifecycle_dir
-
-- name: Download current version
- get_url:
- url: "{{ lifecycle_download_url }}"
- dest: "{{ lifecycle_build_path }}"
- register: lifecycle_download
-
-- name: Unpack current version
- unarchive:
- src: "{{ lifecycle_build_path }}"
- dest: "{{ openconext_releases_dir }}"
- copy: no
- when:
- - lifecycle_download.changed or lifecycle_dir.stat.lnk_source != lifecycle_release_dir
-
-- name: Activate new Lifecycle release
- file:
- src: "{{ lifecycle_release_dir }}"
- dest: "{{ lifecycle_current_release_symlink }}"
- state: link
- notify:
- - "restart httpd"
- - "restart php72-fpm"
- when:
- - lifecycle_download.changed or lifecycle_dir.stat.lnk_source != lifecycle_release_dir
-
diff --git a/roles/lifecycle/tasks/main.yml b/roles/lifecycle/tasks/main.yml
index ed09c7bf7..2c5c99e3b 100644
--- a/roles/lifecycle/tasks/main.yml
+++ b/roles/lifecycle/tasks/main.yml
@@ -1,108 +1,67 @@ - name: Add group {{ lifecycle_user }} - group: + ansible.builtin.group: name: "{{ lifecycle_user }}" state: present + register: lifecycle_guid - name: Add user {{ lifecycle_user }} - user: + ansible.builtin.user: name: "{{ lifecycle_user }}" group: "{{ lifecycle_user }}" - createhome: yes + createhome: true state: present + register: lifecycle_uid -- name: Create php session dir for lifecycle - file: - path: "{{ php_session_dir }}/lifecycle" +- name: Create config dirs sajsdjasjaksa + ansible.builtin.file: state: directory - owner: "{{ lifecycle_user }}" + dest: "{{ item }}" + owner: root group: root - mode: 0770 - -- name: Install Apache vhost - template: - src: lifecycle.conf.j2 - dest: /etc/httpd/conf.d/lifecycle.conf - notify: "reload httpd" - -- name: Clean up old php-fpm 5.6 config - file: - path: "/etc/php-fpm.d/lifecycle-pool.conf" - state: absent - -- name: php-fpm 72 config - template: - src: "{{ item }}.j2" - dest: "/etc/opt/remi/php72/php-fpm.d/{{ item }}" + mode: "0755" with_items: - - lifecycle-pool-72.conf - notify: - - "restart php72-php-fpm" + - "{{ current_release_config_dir_name }}" -- name: Include install-branch.yml - include_tasks: install-branch.yml - when: lifecycle_branch is defined and lifecycle_branch != '' - -- name: Include install-release.yml - include_tasks: install-release.yml - when: lifecycle_branch is not defined or lifecycle_branch == '' - -- name: Place parameters.yml - template: - src: "{{ item }}.j2" - dest: "{{ lifecycle_current_release_symlink }}/config/legacy/{{ item }}" - mode: 0644 +- name: Put parameters YAML config + ansible.builtin.template: + src: "{{ item }}.yml.j2" + dest: "{{ current_release_config_dir_name }}/{{ item }}.yaml" + mode: "0640" + group: "{{ appname }}" with_items: - - parameters.yml + - parameters notify: - - "restart php72-fpm" - -- name: Place .envl file - copy: - src: env - dest: "{{ lifecycle_current_release_symlink }}/.env" - mode: 0644 - -- name: Create the symfony cache - 
command: "/usr/bin/php72 bin/console cache:clear --env={{ lifecycle_apache_symfony_environment }} --no-debug" - args: - chdir: "{{ lifecycle_current_release_symlink }}/" - when: - - not develop - changed_when: false - -- name: Make sure cache dir has correct permissions - file: - path: "{{ lifecycle_current_release_symlink }}/var/cache" - owner: "{{ lifecycle_user }}" - group: "{{ lifecycle_user }}" - recurse: yes - changed_when: false - -- name: Make sure log dir has correct permissions - file: - path: "{{ lifecycle_current_release_symlink }}/var/logs" - owner: "{{ lifecycle_user }}" - group: "{{ lifecycle_user }}" - recurse: yes - changed_when: false - - # Remove all dirs, but keep the current version and from the rest the most recent one. -- name: Clean up old releases - shell: ls -td {{ openconext_releases_dir }}/OpenConext-user-lifecycle-* | grep -v $(readlink {{ lifecycle_current_release_symlink }}) | tail -n +2 | xargs --no-run-if-empty rm -rv - register: clean_releases - changed_when: '"removed" in clean_releases.stdout' + - restart {{ appname }} -# Remove all tarballs, but keep the current version and from the rest the most recent one. 
-- name: Clean up old builds - shell: ls -td {{ openconext_builds_dir }}/OpenConext-user-lifecycle-* {{ openconext_builds_dir }}/Releases/ | grep -v {{ lifecycle_build_path }} | tail -n +2 | xargs --no-run-if-empty rm -rv - register: clean_builds - changed_when: '"removed" in clean_builds.stdout' +- name: Create the container + community.docker.docker_container: + name: "{{ appname }}" + image: ghcr.io/openconext/openconext-user-lifecycle/user-lifecycle:{{ lifecycle_version }} + etc_hosts: + host.docker.internal: host-gateway + pull: true + restart_policy: "always" + networks: + - name: "loadbalancer" + labels: + traefik.http.routers.lifecycle.rule: "Host(`lifecycle.{{ base_domain }}`)" + traefik.http.routers.lifecycle.tls: "true" + traefik.enable: "true" + env: + APACHE_UID: "#{{ lifecycle_uid.uid }}" + APACHE_GUID: "#{{ lifecycle_guid.gid }}" + APP_ENV: prod + HTTPD_CSP: "{{ httpd_csp.strict }}" + mounts: + - source: /opt/openconext/lifecycle + target: /var/www/html/config/openconext + type: bind -- name: Create daily cronjob - cron: - name: lifecycle run - minute: "8" - hour: "01" - user: "{{ lifecycle_user }}" - job: "/usr/bin/php72 {{ lifecycle_current_release_symlink }}/userlifecycle deprovision" - cron_file: user_lifecycle +#- name: Create daily cronjob + # cron: + # name: lifecycle run + # minute: "8" + # hour: "01" + # user: "{{ lifecycle_user }}" + # job: "/usr/bin/php72 {{ lifecycle_current_release_symlink }}/userlifecycle deprovision" + # cron_file: user_lifecycle diff --git a/roles/lifecycle/templates/lifecycle-pool-72.conf.j2 b/roles/lifecycle/templates/lifecycle-pool-72.conf.j2 deleted file mode 100644 index ef2217ba1..000000000 --- a/roles/lifecycle/templates/lifecycle-pool-72.conf.j2 +++ /dev/null 
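Review bot: The bind mount in `Create the container` hands the config directory, which now holds `parameters.yaml` with `app_secret`, to the container read-write; nothing in this hunk shows the application writing there, so adding `read_only: true` to the mount entry would keep the web process from modifying its own configuration. The mount also spells the path as the literal `/opt/openconext/lifecycle` while the tasks above it use `current_release_config_dir_name`; `source: "{{ current_release_config_dir_name }}"` keeps the two from drifting. The `Put parameters YAML config` task sets `group` and `mode: "0640"` but no `owner`, so ownership depends on the become user; an explicit `owner: root` would pin it. The task name `Create config dirs sajsdjasjaksa` still carries stray characters, and the daily `userlifecycle deprovision` cron job is left commented out with its old php72 command, so unless it is scheduled elsewhere deprovisioning presumably stops running with this change.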
@@ -1,225 +0,0 @@ -; Create a new pool named lifecycle. -[lifecycle] - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. - -; Use unix socket -listen = /var/run/php-fpm/lifecycle-pool-72.sock -; Set listen(2) backlog. A value of '-1' means unlimited. -; Default Value: -1 -;listen.backlog = -1 - -; List of ipv4 addresses of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -listen.allowed_clients = 127.0.0.1 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0666 -listen.owner = apache -listen.group = apache -listen.mode = 0640 - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = {{ lifecycle_user }} -group = {{ lifecycle_user }} - -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives: -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. 
-; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; Note: This value is mandatory. -pm = ondemand - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes to be created when pm is set to 'dynamic'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. -; Note: Used when pm is set to either 'static' or 'dynamic' -; Note: This value is mandatory. -pm.max_children = 20 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -;pm.start_servers = 2 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -;pm.min_spare_servers = 1 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -;pm.max_spare_servers = 5 - -; The number of requests each child process should execute before respawning. -; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -pm.max_requests = 300 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. 
By default, the status page shows the following -; information: -; accepted conn - the number of request accepted by the pool; -; pool - the name of the pool; -; process manager - static or dynamic; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes. -; The values of 'idle processes', 'active processes' and 'total processes' are -; updated each second. The value of 'accepted conn' is updated in real time. -; Example output: -; accepted conn: 12073 -; pool: www -; process manager: static -; idle processes: 35 -; active processes: 65 -; total processes: 100 -; By default the status page output is formatted as text/plain. Passing either -; 'html' or 'json' as a query string will return the corresponding output -; syntax. Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -pm.status_path = /status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. 
-; Default Value: pong -;ping.response = pong - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_terminate_timeout = 0 - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/php-fpm/www-slow.log - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. This value must be an absolute path. -; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -;catch_workers_output = yes - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. 
You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env -;env[HOSTNAME] = $HOSTNAME -;env[PATH] = /usr/local/bin:/usr/bin:/bin -;env[TMP] = /tmp -;env[TMPDIR] = /tmp -;env[TEMP] = /tmp - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -;php_flag[display_errors] = off -php_admin_value[error_log] = /var/log/php-fpm/lifecycle-error.log -php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 128M - -; Set session path to a directory owned by process user -php_value[session.save_handler] = files -php_value[session.save_path] = {{ php_session_dir }}/lifecycle -php_value[disable_functions] = {{ php_disabled_functions }} diff --git a/roles/lifecycle/templates/lifecycle.conf.j2 b/roles/lifecycle/templates/lifecycle.conf.j2 deleted file mode 100644 index a2252c132..000000000 
--- a/roles/lifecycle/templates/lifecycle.conf.j2 +++ /dev/null @@ -1,35 +0,0 @@ -{% if apache_app_listen_address.lifecycle is defined %} -Listen {{ apache_app_listen_address.lifecycle }}:{{ loadbalancing.lifecycle.port }} - -{% else %} - -{% endif %} - ServerAdmin {{ admin_email }} - DocumentRoot "{{ lifecycle_current_release_symlink }}/public" - SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - - Require all granted - Options -MultiViews - RewriteEngine On - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ index.php [QSA,L] - - ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php-fpm/lifecycle-pool-72.sock|fcgi://localhost{{ lifecycle_current_release_symlink }}/public/$1 - ErrorLog "|/usr/bin/logger -S 32k -p local3.err -t 'Apache-LIFECYCLE'" - CustomLog "|/usr/bin/logger -S 32k -p local3.info -t 'Apache-LIFECYCLE'" combined - - {% if haproxy_backend_tls %} - SSLEngine on - SSLCertificateFile {{ tls.cert_path }}/backend.{{ base_domain }}.pem - SSLCertificateKeyFile {{ tls.cert_private_path }}/backend.{{ base_domain }}.key - Include ssl_backend.conf - {% endif %} - - {% if apache_app_listen_address.all is defined %} - SSLEngine on - SSLCertificateFile {{ tls.cert_path }}/{{ tls_star_cert }} - SSLCertificateKeyFile {{ tls.cert_private_path }}/{{ tls_star_cert_key }} - SSLCertificateChainFile {{ tls.cert_path_ca }}/{{ tls_ca }} - Include ssl_backend.conf - {% endif %} - diff --git a/roles/lifecycle/templates/makeRelease.sh.j2 b/roles/lifecycle/templates/makeRelease.sh.j2 deleted file mode 100644 index d9384ee70..000000000 --- a/roles/lifecycle/templates/makeRelease.sh.j2 +++ /dev/null 
@@ -1,92 +0,0 @@ -#!/bin/sh -# Copy of SP Dashboard makeRelease.sh file. Please review everything carefully! - -PREVIOUS_SF_ENV=${SYMFONY_ENV} -export SYMFONY_ENV="{{ lifecycle_symfony_env }}" - -RELEASE_DIR=${HOME}/Releases -GITHUB_USER=OpenConext -PROJECT_NAME=OpenConext-user-lifecycle - -if [ -z "$1" ] -then - -cat << EOF -Please specify the tag or branch to make a release of. - -Examples: - - sh makeRelease.sh 0.1.0 - sh makeRelease.sh master - sh makeRelease.sh develop - -If you want to GPG sign the release, you can specify the "sign" parameter, this will -invoke the gpg command line tool to sign it. - - sh makeRelease 0.1.0 sign - -EOF -exit 1 -else - TAG=$1 -fi - -PROJECT_DIR_NAME=${PROJECT_NAME}-${TAG//\//_} && -PROJECT_DIR=${RELEASE_DIR}/${PROJECT_DIR_NAME} && - -echo "Preparing environment" && -mkdir -p ${RELEASE_DIR} && -rm -rf ${PROJECT_DIR} && -cd ${RELEASE_DIR} -git clone https://github.com/${GITHUB_USER}/${PROJECT_NAME}.git ${PROJECT_DIR_NAME} && - -cd ${PROJECT_DIR} && -git checkout ${TAG} && -echo "Running Composer Install"; -curl -sS https://getcomposer.org/installer | php -php ./composer.phar install -n --prefer-dist -o --ignore-platform-reqs&& - -echo "Tagging the release in RELEASE file" && -COMMITHASH=`git rev-parse HEAD` && -echo "Tag: ${TAG}" > ${PROJECT_DIR}/RELEASE && -echo "Commit: ${COMMITHASH}" >> ${PROJECT_DIR}/RELEASE && - -echo "Cleaning build of dev files" && -rm -rf ${PROJECT_DIR}/.idea && -rm -rf ${PROJECT_DIR}/.git && -rm -f ${PROJECT_DIR}/.gitignore && -rm -f ${PROJECT_DIR}/makeRelease.sh && -rm -f ${PROJECT_DIR}/bin/composer.phar && -rm -rf ${PROJECT_DIR}/features && -rm -rf ${PROJECT_DIR}/behat.yml && -rm -rf ${PROJECT_DIR}/build.xml && -rm -rf ${PROJECT_DIR}/tests && -rm -rf ${PROJECT_DIR}/ci && -rm -rf ${PROJECT_DIR}/.travis.yml && -rm -rf ${PROJECT_DIR}/ansible && -rm -rf ${PROJECT_DIR}/Vagrantfile && - -echo "Create tarball" && -cd ${RELEASE_DIR} && -tar -czf ${PROJECT_DIR_NAME}.tar.gz ${PROJECT_DIR_NAME} - - -echo "Create 
checksum file" && -cd ${RELEASE_DIR} && -if hash sha1sum 2>/dev/null; then - sha1sum ${PROJECT_DIR_NAME}.tar.gz > ${PROJECT_DIR_NAME}.sha -else - shasum ${PROJECT_DIR_NAME}.tar.gz > ${PROJECT_DIR_NAME}.sha -fi - -if [ -n "$2" ] -then - if [ "$2" == "sign" ] - then - echo "Signing build" - cd ${RELEASE_DIR} - gpg -o ${PROJECT_DIR_NAME}.sha.gpg --clearsign ${PROJECT_DIR_NAME}.sha - fi -fi - -export SYMFONY_ENV=${PREVIOUS_SF_ENV} diff --git a/roles/lifecycle/templates/parameters.yml.j2 b/roles/lifecycle/templates/parameters.yml.j2 index 4e69bca28..20c2f5ceb 100644 --- a/roles/lifecycle/templates/parameters.yml.j2 +++ b/roles/lifecycle/templates/parameters.yml.j2 @@ -1,4 +1,7 @@ parameters: + app_env: prod + app_debug: false + app_secret: {{ lifecycle_symfony_secret }} database_host: {{ lifecycle_db_host }} database_port: 3306 database_name: {{ lifecycle_eb_logins_db }} diff --git a/roles/lifecycle/vars/main.yml b/roles/lifecycle/vars/main.yml new file mode 100644 index 000000000..0eb9d3835 --- /dev/null +++ b/roles/lifecycle/vars/main.yml @@ -0,0 +1,13 @@ +--- +appname: lifecycle +lifecycle_version: '' +lifecycle_user: lifecycle +lifecycle_symfony_env: prod +lifecycle_eb_logins_db: eb_logins +lifecycle_db_host: localhost +lifecycle_user_quota: 1500 +lifecycle_inactivity_period: 37 +lifecycle_api_enabled: true +lifecycle_api_password: secret +lifecycle_api_username: lifecycle +current_release_config_dir_name: /opt/openconext/{{ appname }}
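Review bot: The added `app_secret: {{ lifecycle_symfony_secret }}` renders the secret as a plain YAML scalar, so a value that contains ` #` or `: `, starts with an indicator character, or consists only of digits would be truncated, retyped or rejected when the file is parsed. Emitting it as a quoted string, for example `app_secret: {{ lifecycle_symfony_secret | to_json }}`, keeps the stored value intact. The unchanged `database_*` lines around it follow the same unquoted pattern, and `lifecycle_symfony_secret` is not defined anywhere in this patch, so it presumably has to come from the environment's secrets. The template continues below the hunk.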
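Review bot: Placing these settings in `vars/main.yml` instead of the deleted `defaults/main.yml` gives them role-vars precedence, which in Ansible overrides inventory `group_vars`/`host_vars` and play vars; `lifecycle_api_password: secret` and `lifecycle_version: ''` would then win over an environment's own values unless those are passed as extra vars. With an empty `lifecycle_version` the image reference built in `tasks/main.yml` would end in a bare `:`. Keeping the overridable settings in `defaults/main.yml` and leaving only constants such as `appname` and `current_release_config_dir_name` here would restore the override path, and dropping the placeholder password would make a missing secret fail at render time rather than deploy a known credential. How the project's inventories set these variables is not visible in this patch.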