diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index d1753770..f2c1a81f 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - image: ["debian:buster", "debian:bullseye"] + image: ["debian:bullseye", "debian:bookworm"] rails_env: [staging, production] container: image: ${{ matrix.image }} @@ -19,9 +19,7 @@ jobs: - name: Update system packages run: apt-get update -y - name: Install needed packages - run: apt-get install -y lsb-release sudo python3-pip openssh-server - - name: Install Ansible - run: pip3 install ansible + run: apt-get install -y lsb-release sudo python3-pip openssh-server ansible - name: Create hosts file run: echo "localhost ansible_connection=local ansible_user=root" > hosts - name: Generate dummy SSH key diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml index 136d2d80..83f2cfa0 100644 --- a/.github/workflows/ubuntu.yml +++ b/.github/workflows/ubuntu.yml @@ -7,11 +7,14 @@ on: jobs: ubuntu: - runs-on: ${{ matrix.os }} + runs-on: ${{ matrix.platforms.os }} strategy: fail-fast: false matrix: - os: [ubuntu-20.04] + platforms: [ + { os: "ubuntu-20.04", errbit: "True" }, + { os: "ubuntu-22.04", errbit: "False"} + ] rails_env: [staging, production] steps: - uses: actions/checkout@v2 @@ -29,4 +32,4 @@ jobs: - name: Generate dummy SSH key run: ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa - name: Run CONSUL DEMOCRACY installer - run: ansible-playbook consul.yml -i hosts --extra-vars "env=${{ matrix.rails_env }} domain=localhost errbit=True" + run: ansible-playbook consul.yml -i hosts --extra-vars "env=${{ matrix.rails_env }} domain=localhost errbit=${{ matrix.platforms.errbit }}" diff --git a/README.md b/README.md index 0f134ffe..a06707d8 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# CONSUL DEMOCRACY Installer ![Build status](https://github.com/consuldemocracy/installer/workflows/tests/badge.svg) +# CONSUL DEMOCRACY Installer ![Build status on Ubuntu](https://github.com/consuldemocracy/installer/workflows/ubuntu/badge.svg) [CONSUL DEMOCRACY](https://github.com/consuldemocracy/consuldemocracy) installer for production environments @@ -26,8 +26,9 @@ It will also create a `deploy` user to install these libraries A remote server with one of the supported distributions: - Ubuntu 20.04 x64 -- Debian Buster x64 +- Ubuntu 22.04 x64 - Debian Bullseye x64 +- Debian Bookworm x64 Access to a remote server via public ssh key without password. The default user is `deploy` but you can [use any user](#using-a-different-user-than-deploy) with sudo privileges. @@ -103,12 +104,12 @@ To restart the server and deploy new code to the server we have to configure Cap Create your [fork](https://help.github.com/articles/fork-a-repo/) -Setup locally for your [development environment](https://docs.consuldemocracy.org/docs/english-documentation/introduction/local_installation) +Setup locally for your [development environment](https://docs.consuldemocracy.org/tech_docs/introduction-1/local_installation) Checkout the latest stable version: ``` -git checkout origin/2.0.1 -b stable +git checkout origin/2.1.1 -b stable ``` Create your `deploy-secrets.yml` @@ -211,13 +212,13 @@ Using https instead of http is an important security configuration. Before you b Once you have that setup we need to configure the Installer to use your domain in the application. -First, uncomment the `domain` variable in the [configuration file](https://github.com/consuldemocracy/installer/blob/2.0.1/group_vars/all) and update it with your domain name: +First, uncomment the `domain` variable in the [configuration file](https://github.com/consuldemocracy/installer/blob/2.1.1/group_vars/all) and update it with your domain name: ``` #domain: "your_domain.com" ``` -Next, uncomment the `letsencrypt_email` variable in the [configuration file](https://github.com/consuldemocracy/installer/blob/2.0.1/group_vars/all) and update it with a valid email address: +Next, uncomment the `letsencrypt_email` variable in the [configuration file](https://github.com/consuldemocracy/installer/blob/2.1.1/group_vars/all) and update it with a valid email address: ``` #letsencrypt_email: "your_email@example.com" @@ -264,7 +265,7 @@ If you are on Ubuntu and would like to use its default `sudo` group instead of ` deploy_group: sudo ``` -There are many more variables available check them out [here]((https://github.com/consuldemocracy/installer/blob/2.0.1/group_vars/all)) +There are many more variables available check them out [here]((https://github.com/consuldemocracy/installer/blob/2.1.1/group_vars/all)) ## Other deployment options @@ -294,7 +295,7 @@ If you do not have `root` access, you will need your system administrator to gra ## Using a different user than deploy -Change the variable [deploy_user](https://github.com/consuldemocracy/installer/blob/2.0.1/group_vars/all#L12) to the username you would like to use. +Change the variable [deploy_user](https://github.com/consuldemocracy/installer/blob/2.1.1/group_vars/all#L12) to the username you would like to use. ## Ansible Documentation diff --git a/app.yml b/app.yml index d4a40482..0048ded2 100644 --- a/app.yml +++ b/app.yml @@ -18,6 +18,7 @@ roles: - folder_structure - ruby + - nodejs - rails - email - queue diff --git a/galaxy/yatesr.timezone/tasks/main.yml b/galaxy/yatesr.timezone/tasks/main.yml index 9f4fdc6b..3b86b454 100644 --- a/galaxy/yatesr.timezone/tasks/main.yml +++ b/galaxy/yatesr.timezone/tasks/main.yml @@ -1,2 +1,2 @@ --- -- include: timezone.yml +- include_tasks: timezone.yml diff --git a/group_vars/all b/group_vars/all index 0dcdfb17..4cdd1ad2 100644 --- a/group_vars/all +++ b/group_vars/all @@ -7,6 +7,9 @@ server_hostname: "{{ domain | default(ansible_default_ipv4.address) }}" # Server Timezone timezone: Europe/Madrid +# Consul Democracy Timezone +application_timezone: "{{ timezone }}" + # General settings env: production deploy_user: deploy @@ -34,6 +37,14 @@ database_user: "{{ deploy_user }}" database_password: "{{ deploy_user }}" database_hostname: "localhost" +# Puma +# If you use Capistrano to deploy, make sure the puma_service_unit_name +# variable is the same as `:puma_service_unit_name` in Capistrano +puma_service_unit_name: "puma_{{ app_name }}_{{ env }}" +puma_config_file: "{{ release_dir }}/config/puma/{{ env }}.rb" +puma_access_log: "{{ shared_dir }}/log/puma_access.log" +puma_error_log: "{{ shared_dir }}/log/puma_error.log" + #SMTP smtp_address: "smtp.example.com" smtp_port: 25 @@ -45,6 +56,13 @@ smtp_authentication: "plain" #LetsEncrypt letsencrypt_email: "hello@democrateam.com" +# Node.js +fnm_dir: "{{ home_dir }}/.fnm" +fnm_command: "export PATH=\"{{ fnm_dir }}/:$PATH\" && eval \"$(fnm env)\"" + +# RVM +rvm_command: "source {{ home_dir }}/.rvm/scripts/rvm" + # Errbit errbit: False errbit_dir: "{{ home_dir }}/errbit" diff --git a/roles/errbit/tasks/main.yml b/roles/errbit/tasks/main.yml index beb5a428..51f844bb 100644 --- a/roles/errbit/tasks/main.yml +++ b/roles/errbit/tasks/main.yml @@ -35,7 +35,7 @@ executable: /bin/bash - name: Install libv8-node for the right platform - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && gem install libv8-node --version '{{ libv8_version.stdout }}' --platform x86_64-linux-libc" + shell: "{{ rvm_command }} && gem install libv8-node --version '{{ libv8_version.stdout }}' --platform x86_64-linux-libc" args: chdir: "{{ errbit_dir }}" executable: /bin/bash @@ -48,13 +48,13 @@ executable: /bin/bash - name: Install the mini_racer gem - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && gem install mini_racer --version '{{ mini_racer_version.stdout }}'" + shell: "{{ rvm_command }} && gem install mini_racer --version '{{ mini_racer_version.stdout }}'" args: chdir: "{{ errbit_dir }}" executable: /bin/bash - name: Install Errbit dependencies - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && bundle install" + shell: "{{ rvm_command }} && bundle install" args: chdir: "{{ errbit_dir }}" executable: /bin/bash @@ -81,7 +81,7 @@ - when: not existing_secret_key_base.found block: - name: Generate secret key - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && bin/rake secret" + shell: "{{ rvm_command }} && bin/rake secret" register: secret_key_base args: chdir: "{{ errbit_dir }}" @@ -93,13 +93,13 @@ line: "SECRET_KEY_BASE={{ secret_key_base.stdout }}" - name: Setup Errbit - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && RAILS_ENV={{ env }} bin/rake errbit:bootstrap" + shell: "{{ rvm_command }} && RAILS_ENV={{ env }} bin/rake errbit:bootstrap" args: chdir: "{{ errbit_dir }}" executable: /bin/bash - name: Precompile Errbit assets - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && RAILS_ENV={{ env }} bin/rake assets:precompile" + shell: "{{ rvm_command }} && RAILS_ENV={{ env }} bin/rake assets:precompile" args: chdir: "{{ errbit_dir }}" executable: /bin/bash @@ -121,7 +121,7 @@ enabled: true - name: Create app if it does not exist - shell: 'source /home/{{ deploy_user }}/.rvm/scripts/rvm && bin/rails runner -e {{ env }} "App.create(name: \"{{ domain }}\")"' + shell: '{{ rvm_command }} && bin/rails runner -e {{ env }} "App.create(name: \"{{ domain }}\")"' args: chdir: "{{ errbit_dir }}" executable: /bin/bash @@ -146,7 +146,7 @@ replace: ' errbit_host: "https://{{ errbit_domain }}"' - name: Restart CONSUL DEMOCRACY - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && RAILS_ENV={{ env }} bin/rails restart" + shell: "{{ fnm_command }} && {{ rvm_command }} && fnm exec bin/rails restart RAILS_ENV={{ env }}" args: chdir: "{{ release_dir }}" executable: /bin/bash diff --git a/roles/errbit/templates/errbit.service b/roles/errbit/templates/errbit.service index 8d496270..00f03365 100644 --- a/roles/errbit/templates/errbit.service +++ b/roles/errbit/templates/errbit.service @@ -7,7 +7,7 @@ After=mongodb.service network.target Type=simple WorkingDirectory={{ errbit_dir }} Environment=RAILS_ENV={{ env }} -ExecStart=/bin/bash -lc 'source {{ home_dir }}/.rvm/scripts/rvm && bundle exec puma -C {{ errbit_dir }}/config/puma.default.rb -e {{ env }}' +ExecStart=/bin/bash -lc '{{ rvm_command }} && bundle exec puma -C {{ errbit_dir }}/config/puma.default.rb -e {{ env }}' Restart=always User={{ errbit_user }} Group={{ errbit_group }} diff --git a/roles/folder_structure/tasks/main.yml b/roles/folder_structure/tasks/main.yml index 5d17d713..15def20c 100644 --- a/roles/folder_structure/tasks/main.yml +++ b/roles/folder_structure/tasks/main.yml @@ -22,7 +22,7 @@ state: directory - name: Create first release - shell: "git archive 2.0.1 | /usr/bin/env tar -x -f - -C {{ first_release_dir }}" + shell: "git archive 2.1.1 | /usr/bin/env tar -x -f - -C {{ first_release_dir }}" args: chdir: "{{ consul_dir }}/repo" diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml new file mode 100644 index 00000000..ca3f20da --- /dev/null +++ b/roles/nodejs/tasks/main.yml @@ -0,0 +1,30 @@ +--- +- name: Install fnm + shell: | + curl -fsSL https://fnm.vercel.app/install | bash -s -- --install-dir "{{ fnm_dir }}" + args: + chdir: "{{ home_dir }}" + executable: /bin/bash + creates: "{{ fnm_dir }}/fnm" + +- name: Read Node.js version + shell: "cat .node-version" + args: + chdir: "{{ release_dir }}" + register: node_version + +- name: Install nodejs via fnm + shell: "{{ fnm_command }} && {{ rvm_command }} && fnm install {{ node_version.stdout }}" + args: + chdir: "{{ release_dir }}" + executable: /bin/bash + register: fnm_install_result + until: "fnm_install_result is not failed" + retries: 10 + delay: 10 + +- name: Install Node packages + shell: "{{ fnm_command }} && {{ rvm_command }} && fnm exec npm install --production" + args: + chdir: "{{ release_dir }}" + executable: /bin/bash diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index e3aaefc3..b995f2d6 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -17,17 +17,18 @@ - become: true become_user: postgres block: - - name: Create PostgreSQL database - postgresql_db: - name: "{{ database_name }}" - - name: Create PostgreSQL users postgresql_user: + state: present name: "{{ database_user }}" password: "{{ database_password }}" - db: "{{ database_name }}" encrypted: yes - priv: ALL + + - name: Create PostgreSQL database + postgresql_db: + state: present + name: "{{ database_name }}" + owner: "{{ database_user }}" - name: Create the shared extensions schema postgresql_schema: diff --git a/roles/puma/tasks/main.yml b/roles/puma/tasks/main.yml index 41831f10..5b20b38f 100644 --- a/roles/puma/tasks/main.yml +++ b/roles/puma/tasks/main.yml @@ -7,29 +7,68 @@ - "pids" - "sockets" -- name: Check that puma is running - stat: - path: "{{ shared_dir }}/tmp/pids/puma.pid" - register: puma_process - -- name: Get running puma process - shell: "cat {{ shared_dir }}/tmp/pids/puma.pid" - register: running_process - when: puma_process.stat.exists == True - -- name: Kill running process - shell: "kill -QUIT {{ item }}" - with_items: "{{ running_process.stdout_lines }}" - when: puma_process.stat.exists == True - -- name: Start puma - shell: "source {{ home_dir }}/.rvm/scripts/rvm && bundle exec puma -C {{ release_dir }}/config/puma/{{ env }}.rb -e {{ env }} -d" - args: - chdir: "{{ release_dir }}" - executable: /bin/bash - -- name: Make sure Nginx has write access to the puma socket - shell: "chmod o+w tmp/sockets/*" - args: - chdir: "{{ release_dir }}" - executable: /bin/bash +- name: Create systemd folder + file: + path: "{{ home_dir }}/.config/systemd/user" + state: directory + +- name: Copy Puma service file to the systemd folder + template: + src: "{{ playbook_dir }}/roles/puma/templates/puma.service" + dest: "{{ home_dir }}/.config/systemd/user/{{ puma_service_unit_name }}.service" + +- name: Copy Puma socket file to the systemd folder + template: + src: "{{ playbook_dir }}/roles/puma/templates/puma.socket" + dest: "{{ home_dir }}/.config/systemd/user/{{ puma_service_unit_name }}.socket" + +- name: Get distribution codename + shell: lsb_release -c --short + register: distro_codename + +- when: distro_codename.stdout == "focal" or distro_codename.stdout == "jammy" or not lookup("env", "CI") + block: + - name: Check if user has access to systemd while running ansible tasks + stat: + path: "/var/lib/systemd/linger/{{ deploy_user }}" + register: linger_enabled + + - name: Enable systemd access if needed + command: "loginctl enable-linger {{ deploy_user }}" + when: not linger_enabled.stat.exists + + - name: Get user UID + shell: "id -u" + register: current_uid + + - name: Enable puma socket activation + systemd: + name: "{{ puma_service_unit_name }}.socket" + daemon_reload: true + enabled: true + state: started + scope: user + environment: + XDG_RUNTIME_DIR: "/run/user/{{ current_uid.stdout }}" + + - name: Start puma + systemd: + name: "{{ puma_service_unit_name }}.service" + daemon_reload: true + enabled: true + state: started + scope: user + environment: + XDG_RUNTIME_DIR: "/run/user/{{ current_uid.stdout }}" + + - name: Wait until Puma has created the socket + wait_for: + path: "{{ release_dir }}/tmp/sockets/puma.sock" + state: present + msg: Puma socket is not available + + - name: Make sure Nginx has write access to the puma socket + shell: "chmod o+w tmp/sockets/*" + args: + chdir: "{{ release_dir }}" + executable: /bin/bash diff --git a/roles/puma/templates/puma.service b/roles/puma/templates/puma.service new file mode 100644 index 00000000..ecc9592f --- /dev/null +++ b/roles/puma/templates/puma.service @@ -0,0 +1,19 @@ +[Unit] +Description=Puma HTTP Server for {{ app_name }} ({{ env }}) +After=network.target +Requires={{ puma_service_unit_name }}.socket + +[Service] +Type=simple +WorkingDirectory={{ release_dir }} +ExecStart=/bin/bash -lc '{{ rvm_command }} && bundle exec puma -C {{ puma_config_file }} -e {{ env }}' +ExecReload=/bin/kill -USR1 $MAINPID +StandardOutput=append:{{ puma_access_log }} +StandardError=append:{{ puma_error_log }} +Environment=EXECJS_RUNTIME=Disabled +Restart=always +RestartSec=1 +SyslogIdentifier=puma + +[Install] +WantedBy=default.target diff --git a/roles/puma/templates/puma.socket b/roles/puma/templates/puma.socket new file mode 100644 index 00000000..f5fdbf75 --- /dev/null +++ b/roles/puma/templates/puma.socket @@ -0,0 +1,20 @@ +[Unit] +Description=Puma HTTP Server Accept Sockets for {{ app_name }} ({{ env }}) + +[Socket] +ListenStream={{ shared_dir }}/tmp/sockets/puma.sock + +# Don't let systemd accept the request, wait for Puma to do that. +# Systemd will start the puma service upon first request if it wasn't started. +# +# You might also want to set your Nginx upstream to have a fail_timeout large enough to accomodate your app's +# startup time. +Accept=no + +ReusePort=true +Backlog=1024 + +SyslogIdentifier=puma_socket + +[Install] +WantedBy=sockets.target diff --git a/roles/queue/tasks/main.yml b/roles/queue/tasks/main.yml index 3e6889b8..3686c680 100644 --- a/roles/queue/tasks/main.yml +++ b/roles/queue/tasks/main.yml @@ -1,5 +1,5 @@ - name: Start DelayedJobs queue - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && RAILS_ENV={{ env }} bin/delayed_job -m -n 2 restart" + shell: "{{ fnm_command }} && {{ rvm_command }} && RAILS_ENV={{ env }} fnm exec bin/delayed_job -m -n 2 restart" args: executable: /bin/bash chdir: "{{ release_dir }}" diff --git a/roles/rails/tasks/main.yml b/roles/rails/tasks/main.yml index 9e748af3..c037b569 100644 --- a/roles/rails/tasks/main.yml +++ b/roles/rails/tasks/main.yml @@ -1,12 +1,12 @@ --- - name: Configure Bundler path - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && bundle config --local path {{ shared_dir }}/bundle" + shell: "{{ rvm_command }} && bundle config --local path {{ shared_dir }}/bundle" args: chdir: "{{ release_dir }}" executable: /bin/bash - name: Configure Bundler environments - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && bundle config --local without development:test" + shell: "{{ rvm_command }} && bundle config --local without development:test" args: chdir: "{{ release_dir }}" executable: /bin/bash @@ -26,7 +26,7 @@ when: not usr_bin_mkdir.stat.exists - name: Install gems (this may take a few minutes) - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && bundle install" + shell: "{{ rvm_command }} && bundle install" args: chdir: "{{ release_dir }}" executable: /bin/bash @@ -60,7 +60,7 @@ replace: '{{ env }}:\n # secret_key_base: ""\n server_name: "{{ server_hostname }}"' - name: Generate secret key - shell: "source {{ home_dir }}/.rvm/scripts/rvm && bin/rake secret RAILS_ENV={{ env }}" + shell: "{{ fnm_command }} && {{ rvm_command }} && fnm exec bin/rake secret RAILS_ENV={{ env }}" register: secret_key_base args: chdir: "{{ release_dir }}" @@ -72,6 +72,12 @@ regexp: '^{{ env }}:\n # secret_key_base: ""' replace: '{{ env }}:\n secret_key_base: "{{ secret_key_base.stdout }}"' +- name: Update application timezone configuration in secrets.yml + replace: + path: "{{ shared_dir }}/config/secrets.yml" + regexp: '^ # time_zone: ""' + replace: ' time_zone: "{{ application_timezone }}"' + - name: Do not force https connection replace: path: "{{ shared_dir }}/config/secrets.yml" @@ -80,25 +86,25 @@ when: domain is not defined - name: Create Database - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && bin/rake db:migrate RAILS_ENV={{ env }}" + shell: "{{ fnm_command }} && {{ rvm_command }} && fnm exec bin/rake db:migrate RAILS_ENV={{ env }}" args: chdir: "{{ release_dir }}" executable: /bin/bash - name: Load configuration seeds - shell: "source /home/{{ deploy_user}}/.rvm/scripts/rvm && bin/rake db:seed RAILS_ENV={{ env }}" + shell: "{{ fnm_command }} && {{ rvm_command }} && fnm exec bin/rake db:seed RAILS_ENV={{ env }}" args: chdir: "{{ release_dir }}" executable: /bin/bash - name: Precompile assets - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && bin/rake assets:precompile RAILS_ENV={{ env }}" + shell: "{{ fnm_command }} && {{ rvm_command }} && fnm exec bin/rake assets:precompile RAILS_ENV={{ env }}" args: chdir: "{{ release_dir }}" executable: /bin/bash - name: Update crontab with whenever - shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && bundle exec whenever --update-crontab {{ app_name }} --set environment={{ env }}" + shell: "{{ fnm_command }} && {{ rvm_command }} && fnm exec bundle exec whenever --update-crontab {{ app_name }} --set environment={{ env }}" args: chdir: "{{ release_dir }}" executable: /bin/bash diff --git a/roles/specs/tasks/main.yml b/roles/specs/tasks/main.yml index f22bf63b..70337d28 100644 --- a/roles/specs/tasks/main.yml +++ b/roles/specs/tasks/main.yml @@ -1,34 +1,36 @@ --- -- when: domain is defined +- when: distro_codename.stdout == "focal" or distro_codename.stdout == "jammy" or not lookup("env", "CI") block: - - action: uri url=https://{{ server_hostname }} return_content=yes validate_certs=False - register: webpage_https_with_domain + - when: domain is defined + block: + - action: uri url=https://{{ server_hostname }} return_content=yes validate_certs=False + register: webpage_https_with_domain - - fail: - msg: "service is not happy {{ webpage_https_with_domain.content }}" - when: "'CONSUL' not in webpage_https_with_domain.content" + - fail: + msg: "service is not happy {{ webpage_https_with_domain.content }}" + when: "'CONSUL' not in webpage_https_with_domain.content" - - name: Redirect to https - uri: - url: http://{{ server_hostname }} - follow_redirects: no - validate_certs: yes - status_code: 301 + - name: Redirect to https + uri: + url: http://{{ server_hostname }} + follow_redirects: no + validate_certs: yes + status_code: 301 -- when: domain is not defined - block: - - action: uri url=http://127.0.0.1 return_content=yes validate_certs=False - register: webpage_https + - when: domain is not defined + block: + - action: uri url=http://127.0.0.1 return_content=yes validate_certs=False + register: webpage_https - - fail: - msg: "service is not happy {{ webpage_https.content }}" - when: "'CONSUL' not in webpage_https.content" + - fail: + msg: "service is not happy {{ webpage_https.content }}" + when: "'CONSUL' not in webpage_https.content" - - name: Do not redirect to https - uri: - url: http://{{ server_hostname }} - follow_redirects: no - status_code: 200 + - name: Do not redirect to https + uri: + url: http://{{ server_hostname }} + follow_redirects: no + status_code: 200 - name: Get running delayed job processes shell: "ps -ef | grep -v grep | grep -w delayed_job | awk '{print $2}'" diff --git a/roles/system/tasks/main.yml b/roles/system/tasks/main.yml index e3cd8f51..f9d23644 100644 --- a/roles/system/tasks/main.yml +++ b/roles/system/tasks/main.yml @@ -22,26 +22,10 @@ apt: name: apt-transport-https -- name: Add Node key - become: yes - apt_key: - url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key - state: present - -- name: Get distribution codename - shell: lsb_release -c --short - register: distro_codename - -- name: Add Node repository - become: true - apt_repository: - repo: "deb https://deb.nodesource.com/node_10.x {{ distro_codename.stdout }} main" - state: present - - name: Remove apache server become: true apt: name: apache2 state: absent -- include: tools.yml +- include_tasks: tools.yml diff --git a/roles/system/tasks/tools.yml b/roles/system/tasks/tools.yml index 6b2ad711..1997236a 100644 --- a/roles/system/tasks/tools.yml +++ b/roles/system/tasks/tools.yml @@ -20,8 +20,8 @@ - libffi-dev - curl - libcurl4-openssl-dev - - nodejs - libpq-dev - imagemagick - ruby-dev - shared-mime-info + - policykit-1 diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml index afd752ce..220a9fa8 100644 --- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml @@ -18,6 +18,14 @@ state: present shell: /bin/bash +- name: Ensure correct permissions of deploy user home directory + file: + path: "{{ home_dir }}" + owner: "{{ deploy_user }}" + group: "{{ deploy_group }}" + mode: 0755 + state: directory + - name: Install SSH key authorized_key: user: "{{ deploy_user }}"