corpus_parole: comparison dev/provisioning/playbook.yml

equal deleted inserted replaced

-:279124b91971
+:01a844d292ac
+---
+- hosts: all
+vars:
+# These are the Wordpress database settings
+db_name: corpus
+db_user: corpus
+db_password: md5bf687edf8c06f3f1aa3759c82c1217a0
+site_name: corpus-parole.local
+tasks:
+#   - name: install language pack
+#     command: localedef -v -c -i en_US -f UTF-8 en_US.UTF-8
+- name: set hostname
+hostname: name={{site_name}}
+- name: ensure correct locale LC_ALL
+lineinfile: dest=/etc/sysconfig/i18n regexp=^LC_ALL= line=LC_ALL="en_US.UTF-8"
+- name: ensure correct locale LANG
+lineinfile: dest=/etc/sysconfig/i18n regexp=^LANG= line=LANG="en_US.UTF-8"
+- name: set .bashrc
+copy: src=files/.bashrc dest=/home/vagrant/.bashrc force=yes
+- name: set .profile
+copy: src=files/.profile dest=/home/vagrant/.profile force=yes
+- name: yum update
+yum: name=* update_cache=yes state=latest
+- name: repo ignore outdated postgres base
+ini_file:
+dest: /etc/yum.repos.d/CentOS-Base.repo
+section: base
+option: exclude=postgresql*
+- name: repo ignore outdated postgres update
+ini_file:
+dest: /etc/yum.repos.d/CentOS-Base.repo
+section: updates
+option: exclude=postgresql*
+- name: additional repos install
+yum: name={{item}} state=latest
+with_items:
+- epel-release
+- centos-release-SCL
+# Remi yum repository.
+- stat: path=/etc/yum.repos.d/remi.repo
+register: remi_repo
+- name: Download Remi repo.
+get_url: url=http://rpms.famillecollet.com/enterprise/remi-release-6.rpm dest=/tmp/
+when: remi_repo.stat.exists == False
+- name: Install Remi repo.
+command: rpm -Uvh --force /tmp/remi-release-6.rpm creates=/etc/yum.repos.d/remi.repo
+- name : delete remi rpm
+file: path=/tmp/remi-release-6.rpm state=absent
+# postgres yum repository.
+- stat: path=/etc/yum.repos.d/pgdg-94-centos.repo
+register: postgres_repo
+- name: Download Postgres repo.
+get_url: url=http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-1.noarch.rpm dest=/tmp/
+when: postgres_repo.stat.exists == False
+- name: Install postgres repo.
+command: rpm -Uvh --force /tmp/pgdg-centos94-9.4-1.noarch.rpm creates=/etc/yum.repos.d/pgdg-94-centos.repo
+- name : delete postgres rpm
+file: path=/tmp/pgdg-centos94-9.4-1.noarch.rpm state=absent
+- name: additional repos install epel
+ini_file:
+dest: /etc/yum.repos.d/epel.repo
+section: epel
+option: enabled
+value: 1
+- name: yum update after repos
+yum: name=* update_cache=yes state=latest
+#TODO install alternative packages
+- name: install libs
+yum: name={{item}} state=latest enablerepo=remi
+with_items:
+- nginx
+- postgresql94-server
+- python-psycopg2
+- htop
+- openssl
+- php
+- php-cli
+- php-fpm
+- php-mbstring
+- php-mcrypt
+- php-curl
+- php-gd
+- php-json
+- php-pgsql
+- php-xml
+- java-1.8.0-openjdk
+- tomcat6
+#TODO: check php-fpm config in /etc/php5/fpm/...
+#    - name: Start the services
+#      service: name={{item}} state=started enabled=true
+#      with_items:
+#        - postgres
+#        - nginx
+#        - tomcat
+## php-fpm config
+# set fpm user to nginx
+# authoroze /var/log/php-fpm
+- name: copy sysconfig for php-fpm
+copy: src=files/sysconfig_php-fpm dest=/etc/sysconfig/php-fpm
+- name: set /var/log/php-fpm permission
+file: path=/var/log/php-fpm/ state=directory owner=nginx group=nginx
+- name: set php-fpm listen to socket
+lineinfile:
+dest: /etc/php-fpm.d/www.conf
+regexp: '^listen\s*='
+line: 'listen = /var/run/php-fpm/php-fpm.sock'
+state: present
+- name: set php-fpm user
+lineinfile:
+dest: /etc/php-fpm.d/www.conf
+regexp: '^user\s*='
+line: 'user = nginx'
+state: present
+- name: set php-fpm group
+lineinfile:
+dest: /etc/php-fpm.d/www.conf
+regexp: '^group\s*='
+line: 'group = nginx'
+state: present
+- name: set php-fpm user
+lineinfile:
+dest: /etc/php-fpm.d/www.conf
+regexp: '^;listen.owner\s*='
+line: 'listen.owner = nginx'
+state: present
+- name: set php-fpm group
+lineinfile:
+dest: /etc/php-fpm.d/www.conf
+regexp: '^;listen.group\s*='
+line: 'listen.group = nginx'
+state: present
+- name: set php-fpm permission
+lineinfile:
+dest: /etc/php-fpm.d/www.conf
+regexp: '^;listen.mode\s*='
+line: 'listen.mode = 0660'
+state: present
+- name: restart php-fpm
+service: name=php-fpm state=restarted enabled=yes
+## nginx config
+- name: create ssl folder
+file: path=/etc/nginx/ssl state=directory mode=0700
+- name: generate ssl key
+command: openssl genrsa -out "/etc/nginx/ssl/{{ site_name }}.key" 1024
+args:
+creates: /etc/nginx/ssl/{{ site_name }}.key
+- name: generate ssl csr
+command: openssl req -new -key /etc/nginx/ssl/{{ site_name }}.key -out /etc/nginx/ssl/{{ site_name }}.csr -subj "/CN={{ site_name }}/O=Vagrant/C=UK"
+args:
+creates: /etc/nginx/ssl/{{ site_name }}.csr
+- name: generate ssl certificate
+command: openssl x509 -req -days 365 -in /etc/nginx/ssl/{{ site_name }}.csr -signkey /etc/nginx/ssl/{{ site_name }}.key -out /etc/nginx/ssl/{{ site_name }}.crt
+args:
+creates: /etc/nginx/ssl/{{ site_name }}.crt
+- name: change nginx default
+template: src=files/site.j2 dest=/etc/nginx/nginx.conf mode=0644 force=yes
+- name: restart nginx
+service: name=nginx state=restarted enabled=yes
+## postgres
+- name: set postgresql to start
+service: name=postgresql-9.4 enabled=yes
+- name: postgresql initdb
+command: service postgresql-9.4 initdb
+args:
+creates: /var/lib/pgsql/9.4/data/postgresql.conf
+## configure tomcat
+- name: set JAVA_HOME
+lineinfile:
+dest: /etc/tomcat6/tomcat6.conf
+regexp: '^\#JAVA_HOME='
+line: JAVA_HOME="/etc/alternatives/jre_1.8.0"
+state: present
+## Install sesame
+- stat: path=/var/lib/tomcat6/webapps/openrdf-sesame.war
+register: sesame_jar
+- name: download sesame
+get_url: url=http://sourceforge.net/projects/sesame/files/Sesame%202/2.8.3/openrdf-sesame-2.8.3-sdk.tar.gz/download dest=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz
+when: sesame_jar.stat.exists == False
+- name: create sesame untar dest
+file: path=/tmp/openrdf-sesame-2.8.3-sdk state=directory
+when: sesame_jar.stat.exists == False
+- name: unarchive sesame
+unarchive: src=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz dest=/tmp/openrdf-sesame-2.8.3-sdk copy=false
+when: sesame_jar.stat.exists == False
+- name: deploy sesame jar
+shell: cp /tmp/openrdf-sesame-2.8.3-sdk/openrdf-sesame-2.8.3/war/*.war /var/lib/tomcat6/webapps/
+when: sesame_jar.stat.exists == False
+- name: create sesame data folder
+file: path=/var/lib/sesame/data state=directory owner=tomcat group=tomcat
+when: sesame_jar.stat.exists == False
+- name: update tomcat config
+lineinfile:
+dest: /etc/tomcat6/tomcat6.conf
+line: 'JAVA_OPTS=\"${JAVA_OPTS} -Dinfo.aduna.platform.appdata.basedir=/var/lib/sesame/data\"'
+state: present
+when: sesame_jar.stat.exists == False
+- name: restart tomcat
+service: name=tomcat6 state=restarted enabled=yes
+when: sesame_jar.stat.exists == False
+- name : delete sesame archive
+file: path=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz state=absent
+- name : delete sesame untar
+file: path=/tmp/openrdf-sesame-2.8.3-sdk state=absent
+#set postgresql local access to trust
+- name: add trust access for postgresql user
+lineinfile:
+dest: /var/lib/pgsql/9.4/data/pg_hba.conf
+regexp: '^host\s+all\s+postgres\s+.127\.0\.0\.1\/32\s+trust$'
+insertafter: '^#\sIPv4\slocal.+'
+line: 'host   all             postgres        127.0.0.1/32            trust'
+- name: postgresql start
+service: name=postgresql-9.4 state=started
+- name: Create database user
+postgresql_user: name={{ db_user }} password={{ db_password }} state=present
+sudo: yes
+sudo_user: postgres
+- name: create database
+postgresql_db: name={{ db_name }} encoding=utf8 owner={{ db_user }} state=present
+sudo: yes
+sudo_user: postgres
+- name: restart postgres
+service: name=postgresql-9.4 state=restarted
+## Install dev dependencies
+- name: install dev tools
+yum: name="{{item}}" state=latest
+with_items:
+- "@Development tools"
+#install composer
+- stat: path=/usr/local/bin/composer
+register: composer_bin
+- name: install composer
+shell: curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin
+when: composer_bin.stat.exists == False
+- name: rename composer
+command: mv /usr/local/bin/composer.phar /usr/local/bin/composer
+when: composer_bin.stat.exists == False
+#install node
+- stat: path=/usr/bin/node
+register: node_bin
+- name: install node rpm
+shell: curl -sL https://rpm.nodesource.com/setup | bash -
+when: node_bin.stat.exists == False
+- name: install node
+yum: name=nodejs state=latest
+when: node_bin.stat.exists == False
+## open ports
+- name: get iptables rules
+shell: iptables -L
+register: iptablesrules
+always_run: yes
+sudo: true
+- name: add nginx http iptable rule
+command: /sbin/iptables -I INPUT 1 -p tcp --dport http -j ACCEPT -m comment --comment "nginx 80"
+sudo: true
+when: iptablesrules.stdout.find("nginx 80") == -1
+- name: add nginx http iptable rule
+command: /sbin/iptables -I INPUT 1 -p tcp --dport https -j ACCEPT -m comment --comment "nginx 443"
+sudo: true
+when: iptablesrules.stdout.find("nginx 443") == -1
+- name: add postgresql iptable rule
+command: /sbin/iptables -I INPUT 1 -p tcp --dport 5432 -j ACCEPT -m comment --comment "postgresql"
+sudo: true
+when: iptablesrules.stdout.find("postgresql") == -1
+- name: add tomcat iptable rule
+command: /sbin/iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT -m comment --comment "tomcat"
+sudo: true
+when: iptablesrules.stdout.find("tomcat") == -1
+- name: save iptables
+command: service iptables save
+sudo: true
+- name: restart iptables
+service: name=iptables state=restarted
+sudo: true
+handlers:
+- name: nginx-restart
+action: service name=nginx update_cache=yes state=latest
+# - name: install nginx
+#   apt: name=nginx
+#
+# - name: change nginx default
+#   copy: src=files/default dest=/etc/nginx/sites-available/ mode=0644 force=yes
+#
+# - name: install software-properties-common
+#   apt: name=software-properties-common
+#
+# - name: add repo
+#   copy: src=files/mariadb.list dest=/etc/apt/sources.list.d/
+#   register: mariadb_repo_present
+#
+# - name: add repokey
+#   command: apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
+#   when: mariadb_repo_present.changed
+#
+# - name: apt install mariadb
+#   apt: name={{item}} update_cache=yes
+#   with_items:
+#     - mysql-common=5.1.67-mariadb122~precise
+#     - libmariadbclient16=5.1.67-mariadb122~precise
+#     - mariadb-client-core-5.1=5.1.67-mariadb122~precise
+#     -
+#     - mariadb-server

changeset 1	01a844d292ac
child 2	00e2916104fe