Reuse roles.
parent
84c30c482b
commit
d7bb28b795
27
README.md
27
README.md
|
@ -1,4 +1,4 @@
|
|||
# Overview
|
||||
# Survol des playbooks Ansible
|
||||
|
||||
On découpe nos *playbooks* Ansible par rôles :
|
||||
|
||||
|
@ -12,8 +12,7 @@ En partant de là, on peut utiliser les commandes suivantes:
|
|||
D'abord installer Ansible dans un venv les dépendances :
|
||||
|
||||
- pip install ansible
|
||||
- ansible-galaxy install julienpalard.nginx_letsencrypt
|
||||
- ansible-galaxy install tschifftner.exim4_sendonly
|
||||
- ansible-galaxy install -r requirements.yml
|
||||
|
||||
Puis pour jouer les *playbooks* :
|
||||
|
||||
|
@ -21,14 +20,17 @@ Puis pour jouer les *playbooks* :
|
|||
- Pour configurer les PyCons : `ansible-playbook pycons.yml`
|
||||
- Pour configurer Passbolt : `ansible-playbook passbolt.yml`
|
||||
|
||||
|
||||
## Faire, ne pas faire
|
||||
|
||||
Faire : Configurer les machines : apt install, fichiers de
|
||||
configuration, utilisateurs, ...
|
||||
|
||||
Ne pas faire : Deployer. C'est le rôle de la CI (Github Actions, ...).
|
||||
|
||||
|
||||
# Servers
|
||||
|
||||
Dependencies:
|
||||
- tschifftner.exim4_sendonly
|
||||
- julienpalard.nginx_letsencrypt
|
||||
- https://github.com/laxathom/ansible-role-passbolt
|
||||
|
||||
|
||||
## TODO
|
||||
|
||||
- [ ] Rédiger le ansible pour afpy.org, en profiter pour mettre en place du continuous delivery.
|
||||
|
@ -40,6 +42,13 @@ Dependencies:
|
|||
- [ ] Setup watchghost
|
||||
|
||||
|
||||
## deb.afpy.org
|
||||
|
||||
La seule machine déployée via Ansible.
|
||||
|
||||
fingerprint: `SHA256:xVC4sYYdmDSbJP6JWZUxApzHdbAj1p3uZlOEIksXrMA`.
|
||||
|
||||
|
||||
## rainette.afpy.org
|
||||
|
||||
Liste des jails toujours utiles :
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
[gallery]
|
||||
51.159.55.117
|
||||
|
||||
[pycons]
|
||||
[webservers]
|
||||
51.159.55.117
|
||||
|
||||
[rsnapshoters]
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
mode: 0700
|
||||
state: directory
|
||||
tags: backup
|
||||
|
||||
- name: Setup mysql passbolt backup
|
||||
cron:
|
||||
name: passbolt mysql backup
|
||||
|
@ -19,7 +20,6 @@
|
|||
job: '/usr/bin/mysqldump passbolt > /srv/backups/passbolt.sql'
|
||||
tags: backup
|
||||
|
||||
|
||||
vars:
|
||||
passbolt_tmpdir: "/srv/passbolt-tmp/"
|
||||
passbolt_homedir: "/srv/passbolt/"
|
||||
|
@ -59,7 +59,7 @@
|
|||
php_webserver_daemon: "nginx"
|
||||
php_enable_php_fpm: true
|
||||
php_enable_webserver: false
|
||||
php_default_version_debian: "7.0"
|
||||
php_default_version_debian: "7.3"
|
||||
nginx_sites:
|
||||
passbolt_http:
|
||||
- listen 80
|
||||
|
|
49
pycon.yml
49
pycon.yml
|
@ -1,45 +1,36 @@
|
|||
---
|
||||
|
||||
- hosts: pycons
|
||||
- hosts: webservers
|
||||
vars:
|
||||
public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbgxOufHY7SxQrJNTlHmye+xeNHBA1O5SGtGhGeOVZM"
|
||||
tasks:
|
||||
- name: Basic setup
|
||||
include_role: name=common
|
||||
|
||||
- name: Setup PyCon Fr 2010
|
||||
include_role: name=pelican
|
||||
- name: Setup PyConFr 2010
|
||||
include_role: name=julienpalard.static_website
|
||||
vars:
|
||||
pelican_user: pycon2010
|
||||
pelican_https: true
|
||||
pelican_domain: 2010.pycon.fr
|
||||
pelican_repo: https://github.com/AFPy/pyconfr_2010
|
||||
pelican_path_in_repo: 2010/
|
||||
pelican_home: "/srv/{{ pelican_user }}/"
|
||||
owner: pycon2010
|
||||
domain: 2010.pycon.fr
|
||||
path: /var/www/2010.pycon.fr/
|
||||
|
||||
- name: Setup PyConFr 2011
|
||||
include_role: name=pelican
|
||||
include_role: name=julienpalard.static_website
|
||||
vars:
|
||||
pelican_user: pycon2011
|
||||
pelican_https: true
|
||||
pelican_domain: 2011.pycon.fr
|
||||
pelican_repo: https://github.com/AFPy/pyconfr_2010
|
||||
pelican_path_in_repo: 2011/
|
||||
pelican_home: "/srv/{{ pelican_user }}/"
|
||||
owner: pycon2011
|
||||
domain: 2011.pycon.fr
|
||||
path: /var/www/2011.pycon.fr/
|
||||
|
||||
- name: Setup PyConFr 2012
|
||||
include_role: name=static
|
||||
include_role: name=julienpalard.static_website
|
||||
vars:
|
||||
static_user: pycon2012
|
||||
static_https: true
|
||||
static_domain: 2012.pycon.fr
|
||||
static_repo: https://github.com/AFPy/pyconfr_2012
|
||||
owner: pycon2012
|
||||
domain: 2012.pycon.fr
|
||||
path: /var/www/2012.pycon.fr/
|
||||
|
||||
- hosts: gallery
|
||||
tasks:
|
||||
- name: Setup sigal of paullaroid.pycon.fr
|
||||
include_role: name=gallery
|
||||
include_role: name=julienpalard.static_website
|
||||
vars:
|
||||
gallery_https: true
|
||||
gallery_user: gallery
|
||||
gallery_domain: paullaroid.pycon.fr
|
||||
gallery_repo: https://github.com/AFPy/pycon-fr-gallery.git
|
||||
gallery_home: /srv/gallery/
|
||||
owner: paullaroid
|
||||
domain: paullaroid.pycon.fr
|
||||
path: /var/www/paullaroid.pycon.fr/
|
||||
|
|
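Review bot: The four `include_role: name=julienpalard.static_website` tasks pass only `owner`, `domain` and `path`, so the explicit `pelican_https: true`, `static_https: true` and `gallery_https: true` settings that the previous roles took are no longer stated anywhere in this playbook. Whether each site still gets a certificate and an HTTP-to-HTTPS redirect now depends on the external role's defaults, which are not visible on this page; confirm that behaviour, and set the role's TLS option explicitly if it has one. The play-level `public_deploy_key` looks like a single key shared by all sites; if the role installs it for every `owner`, a separate key per site would limit what one leaked CI key can overwrite.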
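--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,8 @@
+---
+roles:
+- src: julienpalard.static_website
+version: master
+- src: tschifftner.exim4_sendonly
+version: master
+- src: laxathom.passbolt
+version: master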
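Review bot: All three entries use `version: master`, a moving branch, so each `ansible-galaxy install -r requirements.yml` can fetch different third-party code, which then runs with whatever privileges the playbooks have on the servers. Pin every role to a release tag or a full commit hash, for example `version: <TAG_OR_COMMIT_SHA>` (placeholder), and raise the pin deliberately after reading the upstream changes. This matters most for `laxathom.passbolt`, since it configures the password manager host.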
|
@ -1,6 +0,0 @@
|
|||
pelican_user: pycon2010
|
||||
pelican_https: false
|
||||
pelican_domain: pycon2010.pycon.fr
|
||||
pelican_repo: https://github.com/AFPy/pyconfr_2010
|
||||
pelican_path_in_repo: 2010/
|
||||
pelican_home: "/srv/{{ pelican_user }}/"
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
|
||||
- name: reload nginx
|
||||
service: name=nginx state=reloaded
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
dependencies:
|
||||
- role: julienpalard.nginx_letsencrypt
|
||||
certificates: "{{ [[ pelican_domain ]] }}"
|
||||
when: pelican_https
|
|
@ -1,52 +0,0 @@
|
|||
---
|
||||
|
||||
- block:
|
||||
- name: Install nginx and dependencies
|
||||
apt:
|
||||
name: [nginx, git]
|
||||
|
||||
- name: Create user
|
||||
user:
|
||||
name: "{{ pelican_user }}"
|
||||
shell: /bin/false
|
||||
system: yes
|
||||
home: "{{ pelican_home }}"
|
||||
|
||||
- name: Clone repo
|
||||
git:
|
||||
repo: "{{ pelican_repo }}"
|
||||
dest: "{{ pelican_home }}/repo"
|
||||
register: clone_repo
|
||||
|
||||
- name: pip install pelican markdown
|
||||
pip:
|
||||
name: [pelican, markdown]
|
||||
virtualenv_command: /usr/bin/python3 -m venv
|
||||
virtualenv: "{{ pelican_home }}/venv"
|
||||
|
||||
- name: Ensure pelican can write in its output dir
|
||||
file:
|
||||
path: "{{ pelican_home }}/www/"
|
||||
state: directory
|
||||
owner: "{{ pelican_user }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Build pelican
|
||||
when: clone_repo.changed
|
||||
command: "{{ pelican_home }}/venv/bin/pelican -o {{ pelican_home }}/www/"
|
||||
args:
|
||||
chdir: "{{ pelican_home }}/repo/{{ pelican_path_in_repo }}"
|
||||
become: true
|
||||
become_method: su
|
||||
become_user: "{{ pelican_user }}"
|
||||
become_flags: "-s /bin/sh"
|
||||
|
||||
- name: Configure nginx
|
||||
template:
|
||||
src: nginx-vhost
|
||||
dest: "/etc/nginx/conf.d/{{ pelican_domain }}.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: reload nginx
|
||||
tags: [pelican]
|
|
@ -1,33 +0,0 @@
|
|||
{% if pelican_https %}
|
||||
server {
|
||||
listen 80;
|
||||
server_name {{ pelican_domain }};
|
||||
|
||||
location / {
|
||||
return 301 https://{{ pelican_domain }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server
|
||||
{
|
||||
listen 443 ssl;
|
||||
server_name {{ pelican_domain }};
|
||||
|
||||
include snippets/letsencrypt-{{ pelican_domain }}.conf;
|
||||
|
||||
location / {
|
||||
root {{ pelican_home }}/www/;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
{% else %}
|
||||
server {
|
||||
listen 80;
|
||||
server_name {{ pelican_domain }};
|
||||
|
||||
location / {
|
||||
root {{ pelican_home }}/www/;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
{% endif %}
|
|
@ -1,6 +0,0 @@
|
|||
static_user: pycon2010
|
||||
static_https: false
|
||||
static_domain: some_static_website.pycon.fr
|
||||
static_repo: https://github.com/AFPy/pyconfr_2010
|
||||
static_path_in_repo: /
|
||||
static_home: "/srv/{{ static_user }}/"
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
|
||||
- name: reload nginx
|
||||
service: name=nginx state=reloaded
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
|
||||
dependencies:
|
||||
- role: julienpalard.nginx_letsencrypt
|
||||
certificates: "{{ [[ static_domain ]] }}"
|
||||
when: static_https
|
|
@ -1,29 +0,0 @@
|
|||
---
|
||||
|
||||
- block:
|
||||
- name: Install nginx and dependencies
|
||||
apt:
|
||||
name: [nginx, git]
|
||||
|
||||
- name: Create user
|
||||
user:
|
||||
name: "{{ static_user }}"
|
||||
shell: /bin/false
|
||||
system: yes
|
||||
home: "{{ static_home }}"
|
||||
|
||||
- name: Clone repo
|
||||
git:
|
||||
repo: "{{ static_repo }}"
|
||||
dest: "{{ static_home }}/www/"
|
||||
register: clone_repo
|
||||
|
||||
- name: Configure nginx
|
||||
template:
|
||||
src: nginx-vhost
|
||||
dest: "/etc/nginx/conf.d/{{ static_domain }}.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: reload nginx
|
||||
tags: [static]
|
|
@ -1,33 +0,0 @@
|
|||
{% if static_https %}
|
||||
server {
|
||||
listen 80;
|
||||
server_name {{ static_domain }};
|
||||
|
||||
location / {
|
||||
return 301 https://{{ static_domain }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server
|
||||
{
|
||||
listen 443 ssl;
|
||||
server_name {{ static_domain }};
|
||||
|
||||
include snippets/letsencrypt-{{ static_domain }}.conf;
|
||||
|
||||
location / {
|
||||
root {{ static_home }}/www/;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
{% else %}
|
||||
server {
|
||||
listen 80;
|
||||
server_name {{ static_domain }};
|
||||
|
||||
location / {
|
||||
root {{ static_home }}/www/;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
{% endif %}
|