# Deploy a pencilcode web server
# Play: create the "source" account and adjust passwordless-sudo entries.
- name: Set up unix user accounts
  hosts: tag_webserver
  connection: ssh
  become: true
  tasks:
    # Account with a fixed uid in the "users" group; the later plays link
    # service files out of /home/source.
    - name: Create source user
      user:
        name: source
        uid: 1100
        group: users
        shell: /bin/bash

    # Rewrites every "<user> ALL=NOPASSWD: ALL" line so that it carries an
    # explicit (ALL) run-as list, which is what permits "sudo -u <other>".
    # Every matching account keeps passwordless sudo for all commands.
    # validate= runs visudo on the candidate file before it replaces
    # /etc/sudoers, so a syntactically broken file is not installed.
    # NOTE(review): confirm which accounts match this pattern on the image
    # and whether all of them need NOPASSWD: ALL.
    # Left in key=value form on purpose: backslash handling of \w and \1 may
    # differ between the key=value parser and a YAML-quoted value - verify
    # before converting.
    - name: Fix sudoers file to allow sudo -u
      replace: >
        dest=/etc/sudoers
        regexp='^(\w+) ALL=NOPASSWD: ALL$'
        replace='\1 ALL=(ALL) NOPASSWD: ALL'
        validate='visudo -cf %s'
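# Play: upgrade the base system and install nginx, uwsgi, Node.js (from the
# NodeSource apt repository), build tools and two global npm packages.
- name: Install standard packages
  hosts: tag_webserver
  gather_facts: false
  connection: ssh
  become: true
  tasks:
    - name: Install https support for apt
      apt:
        name: apt-transport-https

    - name: upgrade apt packages to the latest version
      apt:
        upgrade: dist

    # original url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key
    # This key becomes a trust root for every package installed from the
    # NodeSource repository, and it is fetched from a keyserver at run time.
    # The id is the 64-bit key ID that the lookup URL already searches for;
    # the previous 8-hex-digit short ID is cheap to collide and is a weak
    # identity check on what was imported.
    # NOTE(review): pinning the full 40-hex-digit fingerprint, or shipping the
    # key file with the playbook, would be stronger still.
    - name: Add nodesource signing key
      apt_key:
        url: 'https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280'
        id: '1655A0AB68576280'

    # NOTE(review): node_6.x is an old Node.js release line and xenial an old
    # Ubuntu release - confirm both still receive security updates.
    - name: Add nodesource apt repository
      apt_repository:
        repo: 'deb https://deb.nodesource.com/node_6.x xenial main'

    # state=latest installs whatever version the configured repositories
    # offer at run time, so two runs can produce different package sets.
    - name: Install apt packages
      apt:
        pkg: "{{ item }}"
        state: latest
      with_items:
        - build-essential
        - nginx
        - uwsgi
        - uwsgi-plugin-python
        - nodejs
        - git
        - libfontconfig1
        - logrotate
        - vim
        - bash-completion

    - name: Create apache-style nginx configuration directories
      file:
        path: "{{ item }}"
        state: directory
      with_items:
        - /etc/nginx/sites-enabled
        - /etc/nginx/sites-available

    - name: Replace nginx top-level configuration, to run as www-data
      copy:
        src: files/nginx.conf
        dest: /etc/nginx/nginx.conf
      notify:
        - restart nginx

    # Removes the stock site and the conf.d directory so that only the
    # configuration installed by this playbook is served.
    - name: Remove nginx default website
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - /etc/nginx/sites-enabled/default
        - /etc/nginx/conf.d
      notify:
        - restart nginx

    # No version is given, so npm resolves the current release of each
    # package at run time; these are installed globally as root.
    - name: Install global npm packages
      npm:
        name: "{{ item }}"
        global: true
        production: true
      with_items:
        - grunt-cli
        - forever

  handlers:
    - name: restart nginx
      systemd:
        name: nginx
        daemon_reload: true
        state: restarted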
# Play: apply the nodeproject role once per repository.
# The role is defined outside this file; judging by the parameter names it
# checks out `repo` into a directory named `dir` - verify against the role.
# NOTE(review): only the first entry names a version, and it is a branch
# (master). Pinning each checkout to a tag or commit would make a deploy
# reproducible and keep an unreviewed upstream push from reaching the server.
- name: Pull and build project code
  hosts: tag_webserver
  connection: ssh
  become: true
  roles:
    - role: nodeproject
      repo: 'https://github.com/PencilCode/pencilcode.git'
      dir: pencilcode
      version: master
      tags: pull_pencilcode

    # Second checkout of the same repository, into "staging".
    - role: nodeproject
      repo: 'https://github.com/PencilCode/pencilcode.git'
      dir: staging
      tags: pull_staging

    - role: nodeproject
      repo: 'https://github.com/PencilCode/codegym.git'
      dir: gym
      tags: pull_gym

    - role: nodeproject
      repo: 'https://github.com/PencilCode/blog.git'
      dir: blog
      tags: pull_blog

    - role: nodeproject
      repo: 'https://github.com/PencilCode/reference.git'
      dir: ref
      tags: pull_ref

    - role: nodeproject
      repo: 'https://github.com/PencilCode/animate.git'
      dir: animate
      tags: pull_animate
# Play: create the data/cache/site directories, apply the topdomain role for
# three domains, and link built site output into /srv/site.
- name: Link pencilcode service directories
  hosts: tag_webserver
  connection: ssh
  become: true
  # NOTE(review): confirm vars/secrets.yml is encrypted (e.g. ansible-vault)
  # and not committed in clear text; this file does not show how it is
  # protected. The only visible reference to a secret in this play is the
  # commented-out domain_ssl_key below.
  vars_files:
    - vars/secrets.yml
  pre_tasks:
    # Created as www-data, so /mnt/datadisk must already be writable by it.
    - file:
        path: "/mnt/datadisk/{{ item }}"
        state: directory
        mode: '0755'
      become_user: www-data
      with_items:
        - cache
        - data

    - file:
        path: /srv/site
        state: directory
        mode: '0755'

    - name: Create /srv/site/proxycache
      file:
        path: /srv/site/proxycache
        state: directory
        owner: www-data
        group: www-data

  # The topdomain role is defined outside this file.
  roles:
    - role: topdomain
      domain_dir: pencilcode.org
      source_dir: pencilcode

    - role: topdomain
      domain_dir: pencil.cc
      source_dir: staging
      # domain_ssl_key: "{{ pencilcc_ssl_key }}"
      # domain_ssl_file: "pencilcc"

    - role: topdomain
      domain_dir: pencil.io
      source_dir: pencilcode

  tasks:
    # Each /srv/site/<name> is a symlink to the "out" directory of the
    # matching checkout under /home/source.
    - file:
        dest: "/srv/site/{{ item }}"
        state: link
        src: "/home/source/{{ item }}/out"
      with_items:
        - animate
        - blog
        - gym
        - ref
# Play: check out the fish project and register its "fishs" init script.
- name: Setup fishs service
  hosts: tag_webserver
  connection: ssh
  become: true
  roles:
    # nodeproject is defined outside this file.
    - role: nodeproject
      repo: 'https://github.com/PencilCode/fish.git'
      dir: fish
      tags: pull_fish
  tasks:
    - file:
        path: /srv/fish
        state: directory
        mode: '0755'

    # /srv/fish/<name> -> /home/source/<name> for each checkout.
    - file:
        state: link
        dest: "/srv/fish/{{ item }}"
        src: "/home/source/{{ item }}"
      with_items:
        - staging
        - animate
        - blog
        - gym
        - ref
        - fish

    # /etc/init.d/fishs resolves through /srv/fish/fish to
    # /home/source/fish/fishs, i.e. the init script is a file inside the
    # checkout. NOTE(review): whoever can write that checkout (or push to the
    # branch it tracks) controls a script the init system starts - confirm
    # the ownership and permissions the nodeproject role leaves on it.
    - name: Install fishs service
      file:
        dest: /etc/init.d/fishs
        state: link
        src: /srv/fish/fish/fishs
      notify:
        - restart fishs

    - file:
        path: /var/log/fishs
        state: directory
        mode: '0755'

  handlers:
    - name: restart fishs
      systemd:
        name: fishs
        daemon_reload: true
        state: restarted
# Play: check out the main pencilcode repository, configure the
# pencilcode.net domain, and wire nginx, the pencils/pencilsock init scripts
# and the uwsgi apps to files inside that checkout.
- name: Setup main pencilcode repository
  hosts: tag_webserver
  connection: ssh
  become: true
  # NOTE(review): confirm vars/secrets.yml is encrypted (e.g. ansible-vault);
  # pencilcode_ssl_key below presumably comes from it - verify.
  vars_files:
    - vars/secrets.yml
  roles:
    # Both roles are defined outside this file.
    - role: nodeproject
      repo: "https://github.com/PencilCode/pencilcode.git"
      dir: pencilcode
      tags: pull_pencilcode
      version: master
      notify: ["restart nginx", "restart pencils", "restart pencilsock"]

    # NOTE(review): the role receives private key material; check that the
    # task writing it sets a restrictive mode and does not log the value.
    - role: topdomain
      domain_dir: pencilcode.net
      source_dir: pencilcode
      domain_ssl_key: "{{ pencilcode_ssl_key }}"
      domain_ssl_file: "pencilcode"

  tasks:
    # /srv/site/root is the checkout itself, so every link below that points
    # under /srv/site/root resolves into /home/source/pencilcode.
    # NOTE(review): the nginx site config, both init scripts and the uwsgi
    # app definitions are therefore whatever the tracked branch contains;
    # confirm who can write the checkout and the upstream branch.
    - name: Link /srv/site/root to pencilcode source
      file:
        dest: /srv/site/root
        state: link
        src: /home/source/pencilcode

    - name: Install nginx_site.conf
      file:
        state: link
        dest: /etc/nginx/sites-available/nginx_site.conf
        src: /srv/site/root/nginx/nginx_site.conf
      notify:
        - restart nginx

    - name: Enable nginx_site.conf
      file:
        state: link
        dest: /etc/nginx/sites-enabled/nginx_site.conf
        src: /etc/nginx/sites-available/nginx_site.conf
      notify:
        - restart nginx

    - name: Install pencils service
      file:
        dest: /etc/init.d/pencils
        state: link
        src: /srv/site/root/pencils
      notify:
        - restart pencils

    - file:
        path: /var/log/pencils
        state: directory
        mode: '0755'

    - name: Install pencilsock service
      file:
        dest: /etc/init.d/pencilsock
        state: link
        src: /srv/site/root/pencilsock
      notify:
        - restart pencilsock

    - file:
        path: /var/log/pencilsock
        state: directory
        mode: '0755'

    - name: Install uwsgi services
      file:
        dest: "/etc/uwsgi/apps-available/{{ item }}"
        state: link
        src: "/srv/site/root/wsgi/{{ item }}"
      with_items:
        - img.json
        - goto.json
      notify:
        - restart uwsgi

    - name: Enable uwsgi services
      file:
        dest: "/etc/uwsgi/apps-enabled/{{ item }}"
        state: link
        src: "/etc/uwsgi/apps-available/{{ item }}"
      with_items:
        - img.json
        - goto.json
      notify:
        - restart uwsgi

  handlers:
    - name: restart nginx
      systemd:
        name: nginx
        daemon_reload: true
        state: restarted

    - name: restart pencilsock
      systemd:
        name: pencilsock
        daemon_reload: true
        state: restarted

    - name: restart pencils
      systemd:
        name: pencils
        daemon_reload: true
        state: restarted

    - name: restart uwsgi
      systemd:
        name: uwsgi
        daemon_reload: true
        state: restarted
# Play: install one logrotate policy file per service from files/logrotate/.
- name: Set up logrotate configuration
  hosts: tag_webserver
  connection: ssh
  become: true
  tasks:
    # No owner or mode is given, so the copied files take the module
    # defaults. NOTE(review): logrotate may refuse policy files that are
    # group- or world-writable; setting owner and mode explicitly would make
    # the result independent of the umask - confirm.
    - copy:
        src: "files/logrotate/{{ item }}"
        dest: "/etc/logrotate.d/{{ item }}"
      with_items:
        - nginx
        - pencilsock
        - pencils
        - fishs

  # No task in this play notifies this handler, so it does not run.
  handlers:
    - name: restart logrotate
      systemd:
        name: logrotate
        daemon_reload: true
        state: restarted
# Play: final pass that enables the init-script services at boot and makes
# sure every service of the deployment is running.
- name: Ensure all services are started
  hosts: tag_webserver
  connection: ssh
  become: true
  tasks:
    # Goes through the generic service module for the units installed as
    # /etc/init.d scripts (nginx is handled only by the next task).
    - name: enable sysv services
      service:
        name: "{{ item }}"
        enabled: true
      with_items:
        - uwsgi
        - pencilsock
        - pencils
        - fishs

    # daemon_reload makes systemd re-read unit definitions before starting,
    # so newly linked init scripts are picked up.
    - name: start services
      systemd:
        name: "{{ item }}"
        daemon_reload: true
        state: started
        enabled: true
      with_items:
        - nginx
        - uwsgi
        - pencilsock
        - pencils
        - fishs