This repository has been archived by the owner on Mar 8, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathprovision.yml
185 lines (142 loc) · 4.89 KB
/
provision.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
---
- hosts: servers
# gather facts needs to be off until we've run pre_tasks
# because gather_facts requires python
gather_facts: false
pre_tasks:
- name: Stop auto update
raw: systemctl disable apt-daily.timer
- name: Remove all partial apt files
raw: rm -rf /var/lib/apt/lists/partial/*
# turn gather_facts back on
# so that ansible_env is defined
- name: gather facts
setup: filter=ansible_*
- name: Set rest_mode vars
set_fact:
gunicord_workers: 1
when: rest_mode|bool
- name: Set non-rest_mode vars
set_fact:
gunicord_workers: "{{ ansible_facts['processor_cores']*2+1 }}"
when: not rest_mode|bool
vars_files:
- vars.yml
become: true
roles:
- role: dc_commonscripts
- role: dc_papertrail
papertrail_log_destination: "{{ vault_papertrail_url }}"
- role: postgresql
- role: every_election
tasks:
# When building an AMI make sure that we update to the latest of all packages
# installed in the base image
- name: Create apt-daily.timer.d directory
file: path=/etc/systemd/system/apt-daily.timer.d state=directory
- name: Install apt-daily timer config file
template:
src: "files/systemd/apt-daily.timer.conf"
dest: "/etc/systemd/system/apt-daily.timer.d/apt-daily.timer.conf"
- name: Start auto update again
raw: systemctl start apt-daily.timer
- name: Update all packages
apt: upgrade=safe
when: packer is defined
- name: Generate locales
shell: locale-gen "en_GB.UTF-8"
- name: Reconfigure locales
shell: DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
- name: Create the project directory.
file: state=directory path={{ project_root }}
- name: Create user.
user:
home: "{{ project_root }}/home"
name: "{{ project_name }}"
shell: "/bin/bash"
state: present
- name: Update the project directory.
file: group={{ project_name }} owner={{ project_name }} mode=755 state=directory path={{ project_root }}
- name: Create the code directory.
file: group={{ project_name }} owner={{ project_name }} mode=755 state=directory path={{ project_root }}/code/
- name: Install required system packages.
apt:
name: "{{ system_packages }}"
state: present
update_cache: yes
- name: Upgrade NPM
npm:
name: npm
global: true
version: "6.14.11"
state: latest
- name: Install required Python 3 packages.
pip:
name: "{{ python3_packages }}"
executable: pip3
- name: Change permissions.
shell: chown -R {{ project_name }}:{{ project_name }} {{ project_root }}
- name: Install nginx configuration file.
template: src=files/conf/nginx.conf dest=/etc/nginx/sites-enabled/{{ project_name }}
notify: restart nginx
- name: Remove default nginx vhost
file: name=/etc/nginx/sites-enabled/default state=absent
- name: Install systemd init scripts.
template:
src: "files/systemd/{{ item }}.service"
dest: "/etc/systemd/system/{{ project_name }}_{{ item }}.service"
with_items: "{{ initfiles }}"
notify:
- reload systemd
- restart web frontend
- name: Install systemd socket scripts.
template:
src: "files/systemd/{{ item }}.socket"
dest: "/etc/systemd/system/{{ project_name }}_gunicorn.socket"
with_items: "{{ initfiles }}"
notify:
- reload systemd
- restart web frontend
- name: systemd gunicorn tmpfiles.d
template:
src: "files/systemd/{{ item }}.tmpfiles"
dest: "/etc/tmpfiles.d/{{ project_name }}_gunicorn.conf"
with_items: "{{ initfiles }}"
notify:
- reload systemd
- restart web frontend
- name: "enable gunicorn"
shell: "systemctl enable {{ project_name }}_gunicorn.socket"
- name: "start gunicorn"
shell: "systemctl start {{ project_name }}_gunicorn.socket"
notify:
- restart web frontend
- restart nginx
- name: Set up handy bashrc file
lineinfile:
dest: "{{ project_root }}/home/.bashrc"
line: 'cd && cd ../code && source ../env/bin/activate'
- name: Run import councils from EC hourly
cron:
name: "Import councils from EC hourly"
job: "/usr/bin/manage-py-command import_councils --only-contact-details"
minute: "1"
user: "{{ project_name }}"
- name: Run import councils on the logger DB hourly
cron:
name: "Run import councils on the logger DB hourly"
job: "/usr/bin/manage-py-command import_councils --only-contact-details --database logger"
minute: "1"
user: "{{ project_name }}"
handlers:
- import_tasks: handlers.yml
- import_playbook: deploy.yml
tags: [deploy]
- import_playbook: addressbase.yml
when: packer_addressbase is defined
- import_playbook: import_data.yml
when: packer_import_data is defined
- import_playbook: init_db.yml
when: not packer
#- import_playbook: import_eoni.yml
# when: not packer