From: Bill Erickson <berickxx@gmail.com>
Date: Mon, 24 Apr 2017 22:23:43 +0000 (-0400)
Subject: Support remote installs; default to non-root user
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=f276b19490cc407a86406eb7ae41e602bcf374df;p=working%2Frandom.git

Support remote installs; default to non-root user

Signed-off-by: Bill Erickson <berickxx@gmail.com>
---

diff --git a/evergreen/apache.yml b/evergreen/apache.yml
index bf30aea82..97cdf36b8 100644
--- a/evergreen/apache.yml
+++ b/evergreen/apache.yml
@@ -5,16 +5,19 @@
 - name: Setup eg.conf
   become: true
   copy:
+    remote_src: true
     src: "{{repo_base}}/Evergreen/Open-ILS/examples/apache_24/eg_24.conf"
     dest: /etc/apache2/sites-available/eg.conf
 - name: Setup eg_vhost.conf
   become: true
   copy:
+    remote_src: true
     src: "{{repo_base}}/Evergreen/Open-ILS/examples/apache_24/eg_vhost_24.conf"
     dest: /etc/apache2/eg_vhost.conf 
 - name: Setup eg_startup
   become: true
   copy:
+    remote_src: true
     src: "{{repo_base}}/Evergreen/Open-ILS/examples/apache/eg_startup"
     dest: /etc/apache2/              
 - name: Create SSL Certs directory
@@ -38,22 +41,21 @@
 - name: Enable apache mod headers
   become: true
   shell: /usr/sbin/a2enmod headers
-  become: true
 - name: Enable apache mod expires
-  shell: /usr/sbin/a2enmod expires
   become: true
+  shell: /usr/sbin/a2enmod expires
 - name: Enable apache mod rewrite
-  shell: /usr/sbin/a2enmod rewrite
   become: true
+  shell: /usr/sbin/a2enmod rewrite
 - name: Disable default site for apache
-  shell: /usr/sbin/a2dissite 000-default
   become: true
+  shell: /usr/sbin/a2dissite 000-default
 - name: Enable eg.conf site for apache
-  shell: /usr/sbin/a2ensite eg.conf
   become: true
+  shell: /usr/sbin/a2ensite eg.conf
 - name: Change ownership of /var/lock/apache2 to opensrf
-  file: path=/var/lock/apache2 owner=opensrf group=opensrf
   become: true
+  file: path=/var/lock/apache2 owner=opensrf group=opensrf
 - name: Change run-user for apache to opensrf
   become: true
   replace: 
diff --git a/evergreen/database.yml b/evergreen/database.yml
index 1ea83ce47..fb231a4bd 100644
--- a/evergreen/database.yml
+++ b/evergreen/database.yml
@@ -42,6 +42,10 @@
     password: "{{database_password}}" 
     role_attr_flags: SUPERUSER
 - name: Apply EG DB Schema
+  # eg_db_config modifies {{eg_install_path}}/conf/ files in 
+  # addition to building the schema
+  become: true
+  become_user: opensrf
   shell: >
     perl {{repo_base}}/Evergreen/Open-ILS/src/support-scripts/eg_db_config 
     {{load_sample_data}} 
diff --git a/evergreen/eg-build.yml b/evergreen/eg-build.yml
index 4f4491e53..33b48fdea 100644
--- a/evergreen/eg-build.yml
+++ b/evergreen/eg-build.yml
@@ -14,8 +14,6 @@
   become: true
   file: dest={{repo_base}} owner={{deploy_user}} group={{deploy_user}} recurse=yes
 - name: Build Evergreen
-  become: true
-  become_user: opensrf
   environment:
     PATH: "{{ansible_env.PATH}}:{{eg_install_path}}/bin"
   shell: >
@@ -23,6 +21,3 @@
     && autoreconf -i 
     && ./configure --prefix={{eg_install_path}} --sysconfdir={{eg_install_path}}/conf 
     && make
-- name: Set ownership of {{eg_install_path}} to opensrf
-  become: true
-  file: dest={{eg_install_path}} owner=opensrf group=opensrf recurse=yes
diff --git a/evergreen/eg-install.yml b/evergreen/eg-install.yml
index 4ec3ae192..093ad5eaf 100644
--- a/evergreen/eg-install.yml
+++ b/evergreen/eg-install.yml
@@ -7,29 +7,27 @@
     && make STAFF_CLIENT_STAMP_ID={{eg_stamp_id}} install
 - name: Create XUL Current Symlink
   become: true
-  become_user: opensrf
   file:
     state: link
     src: "{{eg_install_path}}/var/web/xul/{{eg_stamp_id}}"
     dest: "{{eg_install_path}}/var/web/xul/current"
 - name: Create XUL Server Symlink
   become: true
-  become_user: opensrf
   file:
     state: link
     src: "{{eg_install_path}}/var/web/xul/current/server"
     dest: "{{eg_install_path}}/var/web/xul/server"
 - name: Setup opensrf.xml config file
   become: true
-  become_user: opensrf
   copy:
+    remote_src: true
     src: "{{eg_install_path}}/conf/opensrf.xml.example"
     dest: "{{eg_install_path}}/conf/opensrf.xml"
     force: no
 - name: Setup opensrf_core.xml config file
   become: true
-  become_user: opensrf
   copy:
+    remote_src: true
     src: "{{eg_install_path}}/conf/opensrf_core.xml.example"
     dest: "{{eg_install_path}}/conf/opensrf_core.xml"
     force: no
@@ -41,15 +39,23 @@
     dest: /tmp/
 - name: Copy dojo source files into place
   become: true
-  become_user: opensrf
-  synchronize: src=/tmp/dojo-release-{{dojo_version}}/ dest={{eg_install_path}}/var/web/js/dojo/
+  # 'synchronize' is much faster than 'copy' for large directories
+  # delegate_to tells synchronize source files live on the remote machine.
+  delegate_to: "{{inventory_hostname}}"
+  synchronize: 
+    src: /tmp/dojo-release-{{dojo_version}}/
+    dest: "{{eg_install_path}}/var/web/js/dojo/"
 - name: Set ownership of {{eg_install_path}} to opensrf
   become: true
   file: dest={{eg_install_path}} owner=opensrf group=opensrf recurse=yes
 - name: Setup .srfsh.xml for opensrf user
   become: true
   become_user: opensrf
-  copy: src={{eg_install_path}}/conf/srfsh.xml.example dest=/home/opensrf/.srfsh.xml force=no
+  copy: 
+    remote_src: true
+    src: "{{eg_install_path}}/conf/srfsh.xml.example"
+    dest: /home/opensrf/.srfsh.xml 
+    force: no
 - name: Copy ldconfig
   become: true
   copy:
diff --git a/evergreen/eg-web.yml b/evergreen/eg-web.yml
index f9017ae90..2054f4d6b 100644
--- a/evergreen/eg-web.yml
+++ b/evergreen/eg-web.yml
@@ -12,7 +12,6 @@
   npm: name=grunt-cli global=true
 - name: Node Build
   become: true
-  become_user: opensrf
   npm: path={{repo_base}}/Evergreen/Open-ILS/web/js/ui/default/staff
 - name: Grunt Build
   shell: >
diff --git a/extras/nginx.yml b/extras/nginx.yml
index 911ee878c..55e4f2dcc 100644
--- a/extras/nginx.yml
+++ b/extras/nginx.yml
@@ -33,6 +33,7 @@
 - name: Install NGINX Configs
   become: true
   copy:
+    remote_src: true
     src: "{{repo_base}}/OpenSRF/examples/nginx/osrf-ws-http-proxy"
     dest: /etc/nginx/sites-available/osrf-ws-http-proxy
 - name: Link NGINX Configs
diff --git a/extras/rsyslog.yml b/extras/rsyslog.yml
index 9286a86b1..a92807690 100644
--- a/extras/rsyslog.yml
+++ b/extras/rsyslog.yml
@@ -2,6 +2,7 @@
   become: true
   when: use_rsyslog
   copy:
+    remote_src: true
     src: "{{repo_base}}/Evergreen/Open-ILS/examples/evergreen-rsyslog.conf"
     dest: /etc/rsyslog.d/evergreen.conf
 - name: Restart Rsyslog
diff --git a/opensrf/websockets.yml b/opensrf/websockets.yml
index fa62dd72d..dc9a094d6 100644
--- a/opensrf/websockets.yml
+++ b/opensrf/websockets.yml
@@ -24,6 +24,7 @@
   - name: Copy Example Websockets apache2.conf
     become: true
     copy:
+      remote_src: true
       src: "{{repo_base}}/OpenSRF/examples/apache_24/websockets/apache2.conf"
       dest: /etc/apache2-websockets/apache2.conf
   when: websocketsconf.stat.isdir is not defined
diff --git a/playbook.yml b/playbook.yml
index ee72ef3d3..0bc5fe638 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -2,8 +2,6 @@
 # Author: Bill Erickson <berickxx@gmail.com>
 
 - hosts: '{{hosts}}'
-  connection: local
-  # Every command not explicitly run by opensrf/postgres requires root.  
   remote_user: '{{deploy_user}}'
   become_method: sudo
   vars_files: