* Support deploying to remote machines.
* Adds a new deploy_user variable to specify which (sudo-enabled)
user ansible should use as the default deployment user. All other
commands require a become:true to explicitly use root or other user.
* Create separate jabber_domain and web_domain variables
* Option to force git checkouts, overwriting local changes
Signed-off-by: Bill Erickson <berickxx@gmail.com>
# Apache
- name: Stop apache2
+ become: true
service: name=apache2 state=stopped
- name: Setup eg.conf
+ become: true
copy:
+ remote_src: true
src: "{{repo_base}}/Evergreen/Open-ILS/examples/apache_24/eg_24.conf"
dest: /etc/apache2/sites-available/eg.conf
- name: Setup eg_vhost.conf
+ become: true
copy:
+ remote_src: true
src: "{{repo_base}}/Evergreen/Open-ILS/examples/apache_24/eg_vhost_24.conf"
dest: /etc/apache2/eg_vhost.conf
- name: Setup eg_startup
+ become: true
copy:
+ remote_src: true
src: "{{repo_base}}/Evergreen/Open-ILS/examples/apache/eg_startup"
dest: /etc/apache2/
- name: Create SSL Certs directory
+ become: true
file: path=/etc/apache2/ssl state=directory
- name: Setup SSL Certs
+ become: true
shell: >
cd /etc/apache2/ssl
&& openssl req -new -x509 -days 365 -nodes -out server.crt
- -keyout server.key -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN={{domain_name}}"
+ -keyout server.key -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN={{web_domain}}"
- name: Disable mpm_event
+ become: true
shell: /usr/sbin/a2dismod mpm_event
- name: Enable mpm_prefork
+ become: true
shell: /usr/sbin/a2enmod mpm_prefork
- name: Enable apache mod deflate
+ become: true
shell: /usr/sbin/a2enmod deflate
- name: Enable apache mod headers
+ become: true
shell: /usr/sbin/a2enmod headers
- name: Enable apache mod expires
+ become: true
shell: /usr/sbin/a2enmod expires
- name: Enable apache mod rewrite
+ become: true
shell: /usr/sbin/a2enmod rewrite
- name: Disable default site for apache
+ become: true
shell: /usr/sbin/a2dissite 000-default
- name: Enable eg.conf site for apache
+ become: true
shell: /usr/sbin/a2ensite eg.conf
- name: Change ownership of /var/lock/apache2 to opensrf
+ become: true
file: path=/var/lock/apache2 owner=opensrf group=opensrf
- name: Change run-user for apache to opensrf
+ become: true
replace:
dest: /etc/apache2/envvars
regexp: 'www-data'
replace: 'opensrf'
- name: Set KeepAliveTimeout value
+ become: true
replace:
dest: /etc/apache2/apache2.conf
regexp: 'KeepAliveTimeout .*'
replace: 'KeepAliveTimeout 1'
- name: Restarting Apache
+ become: true
service: name=apache2 state=started
- name: Restarting Websockets
+ become: true
# service name=apache2ctl-websockets state=restarted FAILS
shell: apache2ctl-websockets restart
- name: Install Postgres Prereqs
+ become: true
apt: name={{item}} state=present
with_items:
- python-psycopg2 # required by postgresql_user
- name: Install Postgres Dependencies
+ become: true
shell: >
cd {{repo_base}}/Evergreen
&& PERL_MM_USE_DEFAULT=1 make -f
# equivalent of the postgres-server-{{os_build_target}} steps.
- block:
- name: Add Postgresql 9.6 Apt Repository
+ become: true
shell: add-apt-repository "deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main"
- name: Add Postgresql 9.6 Apt Repository Key
+ become: true
shell: wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
- name: Install Postgresql 9.6 Server
+ become: true
apt:
update_cache: yes
name: "{{item}}"
- postgresql-server-dev-9.6
when: use_pg_96
- name: Start Postgres
+ become: true
service: name=postgresql state=started
- name: Create DB User
become: true
password: "{{database_password}}"
role_attr_flags: SUPERUSER
- name: Apply EG DB Schema
+ # eg_db_config modifies {{eg_install_path}}/conf/ files in
+ # addition to building the schema
+ become: true
+ become_user: opensrf
shell: >
perl {{repo_base}}/Evergreen/Open-ILS/src/support-scripts/eg_db_config
{{load_sample_data}}
when: create_schema
- block:
- name: Install PGTAP
+ become: true
apt: name=pgtap state=present
- name: Create PGTAP Extension
become: true
dest: "{{repo_base}}/Evergreen"
depth: "{{eg_clone_depth}}"
version: "{{eg_git_branch}}"
+ force: "{{force_git_checkout}}"
- name: Install Evergreen Prereqs
become: true
shell: >
cd {{repo_base}}/Evergreen
&& PERL_MM_USE_DEFAULT=1 make -f
Open-ILS/src/extras/Makefile.install {{os_build_target}}
-- name: Set ownership of {{repo_base}} to opensrf
- file: dest="{{repo_base}}" owner=opensrf group=opensrf recurse=yes
-- name: Build Evergreen
+- name: Set ownership of {{repo_base}} to {{deploy_user}}
become: true
- become_user: opensrf
+ file: dest={{repo_base}} owner={{deploy_user}} group={{deploy_user}} recurse=yes
+- name: Build Evergreen
environment:
PATH: "{{ansible_env.PATH}}:{{eg_install_path}}/bin"
shell: >
&& autoreconf -i
&& ./configure --prefix={{eg_install_path}} --sysconfdir={{eg_install_path}}/conf
&& make
-- name: Set ownership of {{eg_install_path}} to opensrf
- file: dest="{{eg_install_path}}" owner=opensrf group=opensrf recurse=yes
cd {{repo_base}}/Evergreen
&& make STAFF_CLIENT_STAMP_ID={{eg_stamp_id}} install
- name: Create XUL Current Symlink
+ become: true
file:
state: link
src: "{{eg_install_path}}/var/web/xul/{{eg_stamp_id}}"
dest: "{{eg_install_path}}/var/web/xul/current"
- name: Create XUL Server Symlink
+ become: true
file:
state: link
src: "{{eg_install_path}}/var/web/xul/current/server"
dest: "{{eg_install_path}}/var/web/xul/server"
- name: Setup opensrf.xml config file
+ become: true
copy:
+ remote_src: true
src: "{{eg_install_path}}/conf/opensrf.xml.example"
dest: "{{eg_install_path}}/conf/opensrf.xml"
force: no
- name: Setup opensrf_core.xml config file
+ become: true
copy:
+ remote_src: true
src: "{{eg_install_path}}/conf/opensrf_core.xml.example"
dest: "{{eg_install_path}}/conf/opensrf_core.xml"
force: no
src: /tmp/dojo-release-{{dojo_version}}.tar.gz
dest: /tmp/
- name: Copy dojo source files into place
- synchronize: src=/tmp/dojo-release-{{dojo_version}}/ dest={{eg_install_path}}/var/web/js/dojo/
+ become: true
+ # 'synchronize' is much faster than 'copy' for large directories
+ # delegate_to tells synchronize source files live on the remote machine.
+ delegate_to: "{{inventory_hostname}}"
+ synchronize:
+ src: /tmp/dojo-release-{{dojo_version}}/
+ dest: "{{eg_install_path}}/var/web/js/dojo/"
- name: Set ownership of {{eg_install_path}} to opensrf
+ become: true
file: dest={{eg_install_path}} owner=opensrf group=opensrf recurse=yes
- name: Setup .srfsh.xml for opensrf user
- copy: src={{eg_install_path}}/conf/srfsh.xml.example dest=/home/opensrf/.srfsh.xml force=no
-- name: Set ownership of .srfsh.xml to opensrf
- file: dest=/home/opensrf/.srfsh.xml owner=opensrf group=opensrf
+ become: true
+ become_user: opensrf
+ copy:
+ remote_src: true
+ src: "{{eg_install_path}}/conf/srfsh.xml.example"
+ dest: /home/opensrf/.srfsh.xml
+ force: no
- name: Copy ldconfig
+ become: true
copy:
src: "{{playbook_dir}}/evergreen/evergreen.ld.conf"
dest: /etc/ld.so.conf.d/evergreen.ld.conf
- name: Run ldconfig
+ become: true
shell: ldconfig
- name: Install Evergreen Translator Prereqs
+ become: true
shell: >
cd {{repo_base}}/Evergreen
&& PERL_MM_USE_DEFAULT=1 make -f
Open-ILS/src/extras/Makefile.install {{os_build_target}}-translator
-- name: Set ownership of {{repo_base}} to opensrf
- file: dest="{{repo_base}}" owner=opensrf group=opensrf recurse=yes
+- name: Set ownership of {{repo_base}} to {{deploy_user}}
+ become: true
+ file: dest={{repo_base}} owner={{deploy_user}} group={{deploy_user}} recurse=yes
- name: Install specified "{{ locale }}" locale(s)
become: true
- become_user: opensrf
shell: >
- cd {{repo_base}}/Evergreen/build/i18n
+ cd {{repo_base}}/Evergreen/build/i18n
&& make LOCALE="{{ item }}" install
with_items: "{{ locale }}"
+- name: Set ownership of {{repo_base}} to {{deploy_user}}
+ become: true
+ file: dest={{repo_base}} owner={{deploy_user}} group={{deploy_user}} recurse=yes
+- name: Set ownership of {{eg_install_path}} to opensrf
+ become: true
+ file: dest={{eg_install_path}} owner=opensrf group=opensrf recurse=yes
- name: Install Evergreen Web Prereqs
+ become: true
shell: >
cd {{repo_base}}/Evergreen
&& PERL_MM_USE_DEFAULT=1 make -f
Open-ILS/src/extras/Makefile.install {{os_build_target}}-developer
-- name: Set ownership of {{repo_base}} to opensrf
- file: dest="{{repo_base}}" owner=opensrf group=opensrf recurse=yes
+- name: Set ownership of {{repo_base}} to {{deploy_user}}
+ become: true
+ file: dest="{{repo_base}}" owner={{deploy_user}} group={{deploy_user}} recurse=yes
- name: Install Grunt
+ become: true
npm: name=grunt-cli global=true
- name: Node Build
become: true
- become_user: opensrf
npm: path={{repo_base}}/Evergreen/Open-ILS/web/js/ui/default/staff
- name: Grunt Build
- become: true
- become_user: opensrf
shell: >
cd {{repo_base}}/Evergreen/Open-ILS/web/js/ui/default/staff
&& grunt build
- name: Grunt Test
- become: true
- become_user: opensrf
shell: >
cd {{repo_base}}/Evergreen/Open-ILS/web/js/ui/default/staff
&& grunt test
# Apache translations
- name: Assign variable for locale(s) for TPAC
+ become: true
vars:
eg_locale: "{{ item | lower | regex_replace('(\\w{2})-(\\w{2})', '\\1_\\2') }}"
blockinfile:
with_items: "{{ locale }}"
when: locale is defined
- name: Setup locale(s) for web staff client
+ become: true
vars:
staff_eg_locale: "{{ item | lower | regex_replace('(\\w{2})-(\\w{2})', '\\1_\\2') }}"
blockinfile:
# Apache must be reconfigured before NGINX is installed
# or the NGINX install will fail on conflicting ports
- name: Change Apache ports.conf to listen 7080
+ become: true
replace:
dest: /etc/apache2/ports.conf
regexp: 'Listen 80'
replace: 'Listen 7080'
- name: Change Apache ports.conf to listen 7443
+ become: true
replace:
dest: /etc/apache2/ports.conf
regexp: 'Listen 443'
replace: 'Listen 7443'
- name: Change Evergreen eg.conf to listen 7080
+ become: true
replace:
dest: /etc/apache2/sites-available/eg.conf
regexp: ':80'
replace: ':7080'
- name: Change Evergreen eg.conf to listen 7443
+ become: true
replace:
dest: /etc/apache2/sites-available/eg.conf
regexp: ':443'
replace: ':7443'
- name: Restart Apache With New Ports
+ become: true
service: name=apache2 state=restarted
- name: Install Nginx Prereqs
+ become: true
apt: name=nginx state=present
- name: Install NGINX Configs
+ become: true
copy:
+ remote_src: true
src: "{{repo_base}}/OpenSRF/examples/nginx/osrf-ws-http-proxy"
dest: /etc/nginx/sites-available/osrf-ws-http-proxy
- name: Link NGINX Configs
+ become: true
file:
state: link
src: /etc/nginx/sites-available/osrf-ws-http-proxy
dest: /etc/nginx/sites-enabled/osrf-ws-http-proxy
- name: Remove Default NGINX Site
+ become: true
file:
state: absent
dest: /etc/nginx/sites-available/default
- name: Restart NGINX With New Config
+ become: true
service: name=nginx state=restarted
- name: Update OpenSRF WS JS Port
+ become: true
+ become_user: opensrf
lineinfile:
- dest: /openils/lib/javascript/opensrf_ws.js
+ dest: "{{eg_install_path}}/lib/javascript/opensrf_ws.js"
regexp: '^var WEBSOCKET_PORT_SSL = 7682;'
line: 'var WEBSOCKET_PORT_SSL = 443;'
- name: Update OpenSRF WS JS Port (Shared)
# This file is not currently used, but may be later.
+ become: true
+ become_user: opensrf
lineinfile:
- dest: /openils/lib/javascript/opensrf_ws_shared.js
+ dest: "{{eg_install_path}}/lib/javascript/opensrf_ws_shared.js"
regexp: '^var WEBSOCKET_PORT_SSL = 7682;'
line: 'var WEBSOCKET_PORT_SSL = 443;'
- name: Configure Rsyslog
+ become: true
when: use_rsyslog
copy:
+ remote_src: true
src: "{{repo_base}}/Evergreen/Open-ILS/examples/evergreen-rsyslog.conf"
dest: /etc/rsyslog.d/evergreen.conf
- name: Restart Rsyslog
+ become: true
when: use_rsyslog
service: name=rsyslog state=restarted
- name: Update opensrf_core.xml for rsyslog
+ become: true
+ become_user: opensrf
replace:
dest: "{{eg_install_path}}/conf/opensrf_core.xml"
regexp: '<logfile>\/(.*)\n.*<!--'
replace: '<!--<logfile>/\1-->'
- name: Update opensrf_core.xml for rsyslog
+ become: true
+ become_user: opensrf
replace:
dest: "{{eg_install_path}}/conf/opensrf_core.xml"
regexp: '-->.*\n(.*)<loglevel>'
replace: '<loglevel>'
- name: Update opensrf_core.xml for rsyslog
+ become: true
+ become_user: opensrf
replace:
dest: "{{eg_install_path}}/conf/opensrf_core.xml"
regexp: '-->.*\n(.*)</gateway>'
environment:
PATH: "{{ansible_env.PATH}}:{{eg_install_path}}/bin"
shell: autogen.sh
-- name: Reloading Apache
+- name: Reloading Apache
+ become: true
service: name=apache2 state=reloaded
- name: Copying Ejabberd Config
+ become: true
copy:
src: "{{playbook_dir}}/opensrf/ejabberd-config.yml"
dest: /etc/ejabberd/ejabberd.yml
mode: 0600
- name: Restarting Ejabberd
+ become: true
service: name=ejabberd state=restarted
- name: Wait a moment for Ejabberd
pause: seconds=5
- block:
- - name: Unregister Ejabberd user router@private.localhost
- shell: ejabberdctl unregister router private.localhost
- - name: Unregister Ejabberd user opensrf@private.localhost
- shell: ejabberdctl unregister opensrf private.localhost
- - name: Unregister Ejabberd user router@public.localhost
- shell: ejabberdctl unregister router public.localhost
- - name: Unregister Ejabberd user opensrf@public.localhost
- shell: ejabberdctl unregister opensrf public.localhost
- - name: Register Ejabberd user router@private.localhost
- shell: ejabberdctl register router private.localhost {{ejabberd_password}}
- - name: Register Ejabberd user opensrf@private.localhost
- shell: ejabberdctl register opensrf private.localhost {{ejabberd_password}}
- - name: Register Ejabberd user router@public.localhost
- shell: ejabberdctl register router public.localhost {{ejabberd_password}}
- - name: Register Ejabberd user opensrf@public.localhost
- shell: ejabberdctl register opensrf public.localhost {{ejabberd_password}}
+ - name: Unregister Ejabberd user router@private.{{jabber_domain}}
+ shell: ejabberdctl unregister router private.{{jabber_domain}}
+ - name: Unregister Ejabberd user opensrf@private.{{jabber_domain}}
+ shell: ejabberdctl unregister opensrf private.{{jabber_domain}}
+ - name: Unregister Ejabberd user router@public.{{jabber_domain}}
+ shell: ejabberdctl unregister router public.{{jabber_domain}}
+ - name: Unregister Ejabberd user opensrf@public.{{jabber_domain}}
+ shell: ejabberdctl unregister opensrf public.{{jabber_domain}}
+ - name: Register Ejabberd user router@private.{{jabber_domain}}
+ shell: ejabberdctl register router private.{{jabber_domain}} {{ejabberd_password}}
+ - name: Register Ejabberd user opensrf@private.{{jabber_domain}}
+ shell: ejabberdctl register opensrf private.{{jabber_domain}} {{ejabberd_password}}
+ - name: Register Ejabberd user router@public.{{jabber_domain}}
+ shell: ejabberdctl register router public.{{jabber_domain}} {{ejabberd_password}}
+ - name: Register Ejabberd user opensrf@public.{{jabber_domain}}
+ shell: ejabberdctl register opensrf public.{{jabber_domain}} {{ejabberd_password}}
become: true
become_user: ejabberd
dest: "{{repo_base}}/OpenSRF"
depth: "{{osrf_clone_depth}}"
version: "{{osrf_git_branch}}"
+ force: "{{force_git_checkout}}"
- name: Install OpenSRF Prereqs
become: true
shell: >
cd {{repo_base}}/OpenSRF
&& PERL_MM_USE_DEFAULT=1 make -f
src/extras/Makefile.install {{os_build_target}}
-- name: Set ownership of {{repo_base}} to opensrf
- file: dest="{{repo_base}}" owner=opensrf group=opensrf recurse=yes
-- name: Build OpenSRF
+- name: Set ownership of {{repo_base}} to {{deploy_user}}
become: true
- become_user: opensrf
+ file: dest="{{repo_base}}" owner={{deploy_user}} group={{deploy_user}} recurse=yes
+- name: Build OpenSRF
environment:
PATH: "{{ansible_env.PATH}}:{{eg_install_path}}/bin"
shell: >
&& ./configure --prefix={{eg_install_path}} --sysconfdir={{eg_install_path}}/conf
&& make
- name: Install OpenSRF Files
+ become: true
environment:
PATH: "{{ansible_env.PATH}}:{{eg_install_path}}/bin"
shell: cd {{repo_base}}/OpenSRF && make install
- name: Set ownership of {{eg_install_path}} to opensrf
+ become: true
file: dest="{{eg_install_path}}" owner=opensrf group=opensrf recurse=yes
- name: Install OpenSRF Pre-Prereqs
+ become: true
apt: name=make state=present
with_items:
- make
- git
- name: Create opensrf user
+ become: true
user:
name: opensrf
shell: /bin/bash
# Environment changes added to ~/.bash_profile to ensure they are
# loaded regardless of whether opensrf is used interactively.
- name: Check export PATH for opensrf user profile
+ become: true
+ become_user: opensrf
lineinfile:
dest: /home/opensrf/.bash_profile
create: yes
regexp: '^export PATH='
line: 'export PATH="{{eg_install_path}}/bin:$PATH"'
- name: Check LD_LIBRARY_PATH for opensrf user profile
+ become: true
+ become_user: opensrf
lineinfile:
dest: /home/opensrf/.bash_profile
regexp: '^export LD_LIBRARY_PATH='
line: 'export LD_LIBRARY_PATH="{{eg_install_path}}/lib:/usr/local/lib:/usr/local/lib/dbd:$LD_LIBRARY_PATH"'
-- name: Check /etc/hosts file for public.{{domain_name}}
+- name: Add public/private jabber hosts to /etc/hosts
+ become: true
lineinfile:
dest: /etc/hosts
- regexp: '^127.0.1.2'
- line: '127.0.1.2 public.{{domain_name}}'
-- name: Check /etc/hosts file for private.{{domain_name}}
- lineinfile:
- dest: /etc/hosts
- regexp: '^127.0.1.3'
- line: '127.0.1.3 private.{{domain_name}}'
+ regexp: '^{{jabber_domain_addr}} public'
+ line: '{{jabber_domain_addr}} public.{{jabber_domain}} private.{{jabber_domain}}'
git:
repo: "{{websockets_repository}}"
dest: "/tmp/apache-websocket"
+ force: "{{force_git_checkout}}"
- name: Install Websockets
+ become: true
shell: cd /tmp/apache-websocket && apxs2 -i -a -c mod_websocket.c
- name: register variable websocketsconf
stat: path=/etc/apache2-websockets
register: websocketsconf
- block:
- name: Create Websockets Instance
+ become: true
shell: >
sh /usr/share/doc/apache2/examples/setup-instance websockets
&& a2dismod websocket
- name: Confirm websockets run user is opensrf
+ become: true
lineinfile:
state: present
dest: /etc/apache2-websockets/envvars
regexp: 'APACHE_RUN_USER'
line: 'export APACHE_RUN_USER=opensrf'
- name: Copy Example Websockets apache2.conf
+ become: true
copy:
+ remote_src: true
src: "{{repo_base}}/OpenSRF/examples/apache_24/websockets/apache2.conf"
dest: /etc/apache2-websockets/apache2.conf
when: websocketsconf.stat.isdir is not defined
-# NOTE: restarting websockets here fails because the SSL cert is not yet in place
+# NOTE: restarting websockets here fails because the SSL cert is not yet in place
# Author: Bill Erickson <berickxx@gmail.com>
- hosts: '{{hosts}}'
- connection: local
- # Every command not explicitly run by opensrf/postgres requires root.
- remote_user: root
+ remote_user: '{{deploy_user}}'
become_method: sudo
vars_files:
- settings.yml
---
hosts: '127.0.0.1'
-repo_base: /home/opensrf
+deploy_user: opensrf
+repo_base: /home/{{deploy_user}}
os_build_target: ubuntu-xenial
osrf_git_repository: git://git.evergreen-ils.org/OpenSRF.git
eg_git_repository: git://git.evergreen-ils.org/Evergreen.git
websockets_repository: https://github.com/disconnect/apache-websocket
osrf_git_branch: master
eg_git_branch: master
+
+# 'no' == build will fail on local changes
+# 'yes' == local changes will be destroyed
+force_git_checkout: no
+
# Clone depth "0" means full clone
osrf_clone_depth: 0
eg_clone_depth: 0
eg_stamp_id: master
eg_admin_user: admin
eg_admin_pass: demo123
+
ejabberd_password: password
-domain_name: localhost
+jabber_domain: localhost
+jabber_domain_addr: 127.0.1.2
+
+# Host domain used by web clients.
+# TODO add to apache eg.conf ServerName
+web_domain: localhost
+# TODO add cache servers to opensrf.xml/eg_vhost.conf
opensrf_memcached_server: ["127.0.0.1:11211"]
dojo_version: 1.3.3
dojo_url: http://download.dojotoolkit.org/release-{{dojo_version}}/dojo-release-{{dojo_version}}.tar.gz
create_schema: true
# set to empty value to avoid loading sample data
-# Requires create_schema:true
+# Only used when create_schema=true
load_sample_data: --load-all-sample
# Install the PGTAP extension for database unit tests?
-# Requires create_schema:true
+# Requires create_schema=true
install_pgtap: true
# --------------------------------------------------------------------------
projects / working / random.git / commitdiff