Reuse roles.

2019-12-16 23:58:06 +01:00 · 2019-12-16 23:58:06 +01:00 · d7bb28b795
commit d7bb28b795
parent 84c30c482b
15 changed files with 49 additions and 223 deletions
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-# Overview
+# Survol des playbooks Ansible

 On découpe nos *playbooks* Ansible par rôles :

@ -12,8 +12,7 @@ En partant de là, on peut utiliser les commandes suivantes:
 D'abord installer Ansible dans un venv les dépendances :

 - pip install ansible
- ansible-galaxy install julienpalard.nginx_letsencrypt
- ansible-galaxy install tschifftner.exim4_sendonly
+- ansible-galaxy install -r requirements.yml

 Puis pour jouer les *playbooks* :

@ -21,14 +20,17 @@ Puis pour jouer les *playbooks* :
 - Pour configurer les PyCons : `ansible-playbook pycons.yml`
 - Pour configurer Passbolt : `ansible-playbook passbolt.yml`

+
+## Faire, ne pas faire
+
+Faire : Configurer les machines : apt install, fichiers de
+configuration, utilisateurs, ...
+
+Ne pas faire : Deployer. C'est le rôle de la CI (Github Actions, ...).
+
+
 # Servers

-Dependencies:
- - tschifftner.exim4_sendonly
- - julienpalard.nginx_letsencrypt
- - https://github.com/laxathom/ansible-role-passbolt
-
-
 ## TODO

 - [ ] Rédiger le ansible pour afpy.org, en profiter pour mettre en place du continuous delivery.
@ -40,6 +42,13 @@ Dependencies:
 - [ ] Setup watchghost


+## deb.afpy.org
+
+La seule machine déployée via Ansible.
+
+fingerprint: `SHA256:xVC4sYYdmDSbJP6JWZUxApzHdbAj1p3uZlOEIksXrMA`.
+
+
 ## rainette.afpy.org

 Liste des jails toujours utiles :
--- a/5
+++ b/5
@ -1,7 +1,4 @@
-[gallery]
-51.159.55.117
-
-[pycons]
+[webservers]
 51.159.55.117

 [rsnapshoters]
--- a/passbolt.yml
+++ b/passbolt.yml
@ -11,6 +11,7 @@
        mode: 0700
        state: directory
      tags: backup
+
    - name: Setup mysql passbolt backup
      cron:
        name: passbolt mysql backup
@ -19,7 +20,6 @@
        job: '/usr/bin/mysqldump passbolt > /srv/backups/passbolt.sql'
      tags: backup

-
  vars:
    passbolt_tmpdir: "/srv/passbolt-tmp/"
    passbolt_homedir: "/srv/passbolt/"
@ -59,7 +59,7 @@
    php_webserver_daemon: "nginx"
    php_enable_php_fpm: true
    php_enable_webserver: false
-    php_default_version_debian: "7.0"
+    php_default_version_debian: "7.3"
    nginx_sites:
        passbolt_http:
            - listen 80
--- a/pycon.yml
+++ b/pycon.yml
@ -1,45 +1,36 @@
 ---

- hosts: pycons
+- hosts: webservers
+  vars:
+    public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbgxOufHY7SxQrJNTlHmye+xeNHBA1O5SGtGhGeOVZM"
  tasks:
    - name: Basic setup
      include_role: name=common

-    - name: Setup PyCon Fr 2010
-      include_role: name=pelican
+    - name: Setup PyConFr 2010
+      include_role: name=julienpalard.static_website
      vars:
-        pelican_user: pycon2010
-        pelican_https: true
-        pelican_domain: 2010.pycon.fr
-        pelican_repo: https://github.com/AFPy/pyconfr_2010
-        pelican_path_in_repo: 2010/
-        pelican_home: "/srv/{{ pelican_user }}/"
+        owner: pycon2010
+        domain: 2010.pycon.fr
+        path: /var/www/2010.pycon.fr/

    - name: Setup PyConFr 2011
-      include_role: name=pelican
+      include_role: name=julienpalard.static_website
      vars:
-        pelican_user: pycon2011
-        pelican_https: true
-        pelican_domain: 2011.pycon.fr
-        pelican_repo: https://github.com/AFPy/pyconfr_2010
-        pelican_path_in_repo: 2011/
-        pelican_home: "/srv/{{ pelican_user }}/"
+        owner: pycon2011
+        domain: 2011.pycon.fr
+        path: /var/www/2011.pycon.fr/

    - name: Setup PyConFr 2012
-      include_role: name=static
+      include_role: name=julienpalard.static_website
      vars:
-        static_user: pycon2012
-        static_https: true
-        static_domain: 2012.pycon.fr
-        static_repo: https://github.com/AFPy/pyconfr_2012
+        owner: pycon2012
+        domain: 2012.pycon.fr
+        path: /var/www/2012.pycon.fr/

- hosts: gallery
-  tasks:
    - name: Setup sigal of paullaroid.pycon.fr
-      include_role: name=gallery
+      include_role: name=julienpalard.static_website
      vars:
-        gallery_https: true
-        gallery_user: gallery
-        gallery_domain: paullaroid.pycon.fr
-        gallery_repo: https://github.com/AFPy/pycon-fr-gallery.git
-        gallery_home: /srv/gallery/
+        owner: paullaroid
+        domain: paullaroid.pycon.fr
+        path: /var/www/paullaroid.pycon.fr/
--- a/requirements.yml
+++ b/requirements.yml
@ -0,0 +1,8 @@
+---
+roles:
+  - src: julienpalard.static_website
+    version: master
+  - src: tschifftner.exim4_sendonly
+    version: master
+  - src: laxathom.passbolt
+    version: master
--- a/roles/pelican/defaults/main.yml
+++ b/roles/pelican/defaults/main.yml
@ -1,6 +0,0 @@
-pelican_user: pycon2010
-pelican_https: false
-pelican_domain: pycon2010.pycon.fr
-pelican_repo: https://github.com/AFPy/pyconfr_2010
-pelican_path_in_repo: 2010/
-pelican_home: "/srv/{{ pelican_user }}/"
--- a/roles/pelican/handlers/main.yml
+++ b/roles/pelican/handlers/main.yml
@ -1,4 +0,0 @@
---
-
- name: reload nginx
-  service: name=nginx state=reloaded
--- a/roles/pelican/meta/main.yml
+++ b/roles/pelican/meta/main.yml
@ -1,6 +0,0 @@
---
-
-dependencies:
-  - role: julienpalard.nginx_letsencrypt
-    certificates: "{{ [[ pelican_domain ]] }}"
-    when: pelican_https
--- a/roles/pelican/tasks/main.yml
+++ b/roles/pelican/tasks/main.yml
@ -1,52 +0,0 @@
---
-
- block:
-  - name: Install nginx and dependencies
-    apt:
-      name: [nginx, git]
-
-  - name: Create user
-    user:
-      name: "{{ pelican_user }}"
-      shell: /bin/false
-      system: yes
-      home: "{{ pelican_home }}"
-
-  - name: Clone repo
-    git:
-      repo: "{{ pelican_repo }}"
-      dest: "{{ pelican_home }}/repo"
-    register: clone_repo
-
-  - name: pip install pelican markdown
-    pip:
-      name: [pelican, markdown]
-      virtualenv_command: /usr/bin/python3 -m venv
-      virtualenv: "{{ pelican_home }}/venv"
-
-  - name: Ensure pelican can write in its output dir
-    file:
-      path: "{{ pelican_home }}/www/"
-      state: directory
-      owner: "{{ pelican_user }}"
-      mode: 0755
-
-  - name: Build pelican
-    when: clone_repo.changed
-    command: "{{ pelican_home }}/venv/bin/pelican -o {{ pelican_home }}/www/"
-    args:
-      chdir: "{{ pelican_home }}/repo/{{ pelican_path_in_repo }}"
-    become: true
-    become_method: su
-    become_user: "{{ pelican_user }}"
-    become_flags: "-s /bin/sh"
-
-  - name: Configure nginx
-    template:
-      src: nginx-vhost
-      dest: "/etc/nginx/conf.d/{{ pelican_domain }}.conf"
-      owner: root
-      group: root
-      mode: 0644
-    notify: reload nginx
-  tags: [pelican]
--- a/roles/pelican/templates/nginx-vhost
+++ b/roles/pelican/templates/nginx-vhost
@ -1,33 +0,0 @@
-{% if pelican_https %}
-server {
-    listen 80;
-    server_name {{ pelican_domain }};
-
-    location / {
-        return 301 https://{{ pelican_domain }}$request_uri;
-    }
-}
-
-server
-{
-    listen 443 ssl;
-    server_name {{ pelican_domain }};
-
-    include snippets/letsencrypt-{{ pelican_domain }}.conf;
-
-    location / {
-        root {{ pelican_home }}/www/;
-        try_files $uri $uri/ =404;
-    }
-}
-{% else %}
-server {
-    listen 80;
-    server_name {{ pelican_domain }};
-
-    location / {
-        root {{ pelican_home }}/www/;
-        try_files $uri $uri/ =404;
-    }
-}
-{% endif %}
--- a/roles/static/defaults/main.yml
+++ b/roles/static/defaults/main.yml
@ -1,6 +0,0 @@
-static_user: pycon2010
-static_https: false
-static_domain: some_static_website.pycon.fr
-static_repo: https://github.com/AFPy/pyconfr_2010
-static_path_in_repo: /
-static_home: "/srv/{{ static_user }}/"
--- a/roles/static/handlers/main.yml
+++ b/roles/static/handlers/main.yml
@ -1,4 +0,0 @@
---
-
- name: reload nginx
-  service: name=nginx state=reloaded
--- a/roles/static/meta/main.yml
+++ b/roles/static/meta/main.yml
@ -1,6 +0,0 @@
---
-
-dependencies:
-  - role: julienpalard.nginx_letsencrypt
-    certificates: "{{ [[ static_domain ]] }}"
-    when: static_https
--- a/roles/static/tasks/main.yml
+++ b/roles/static/tasks/main.yml
@ -1,29 +0,0 @@
---
-
- block:
-  - name: Install nginx and dependencies
-    apt:
-      name: [nginx, git]
-
-  - name: Create user
-    user:
-      name: "{{ static_user }}"
-      shell: /bin/false
-      system: yes
-      home: "{{ static_home }}"
-
-  - name: Clone repo
-    git:
-      repo: "{{ static_repo }}"
-      dest: "{{ static_home }}/www/"
-    register: clone_repo
-
-  - name: Configure nginx
-    template:
-      src: nginx-vhost
-      dest: "/etc/nginx/conf.d/{{ static_domain }}.conf"
-      owner: root
-      group: root
-      mode: 0644
-    notify: reload nginx
-  tags: [static]
--- a/roles/static/templates/nginx-vhost
+++ b/roles/static/templates/nginx-vhost
@ -1,33 +0,0 @@
-{% if static_https %}
-server {
-    listen 80;
-    server_name {{ static_domain }};
-
-    location / {
-        return 301 https://{{ static_domain }}$request_uri;
-    }
-}
-
-server
-{
-    listen 443 ssl;
-    server_name {{ static_domain }};
-
-    include snippets/letsencrypt-{{ static_domain }}.conf;
-
-    location / {
-        root {{ static_home }}/www/;
-        try_files $uri $uri/ =404;
-    }
-}
-{% else %}
-server {
-    listen 80;
-    server_name {{ static_domain }};
-
-    location / {
-        root {{ static_home }}/www/;
-        try_files $uri $uri/ =404;
-    }
-}
-{% endif %}