dev/provisioning/playbook.yml
changeset 1 01a844d292ac
child 2 00e2916104fe
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dev/provisioning/playbook.yml	Mon Jun 15 19:30:32 2015 +0200
@@ -0,0 +1,377 @@
+---
+- hosts: all
+
+  vars:
+
+    # These are the Wordpress database settings
+    db_name: corpus
+    db_user: corpus
+    db_password: md5bf687edf8c06f3f1aa3759c82c1217a0
+
+    site_name: corpus-parole.local
+
+  tasks:
+#   - name: install language pack
+#     command: localedef -v -c -i en_US -f UTF-8 en_US.UTF-8
+
+    - name: set hostname
+      hostname: name={{site_name}}
+
+    - name: ensure correct locale LC_ALL
+      lineinfile: dest=/etc/sysconfig/i18n regexp=^LC_ALL= line=LC_ALL="en_US.UTF-8"
+    - name: ensure correct locale LANG
+      lineinfile: dest=/etc/sysconfig/i18n regexp=^LANG= line=LANG="en_US.UTF-8"
+
+    - name: set .bashrc
+      copy: src=files/.bashrc dest=/home/vagrant/.bashrc force=yes
+    - name: set .profile
+      copy: src=files/.profile dest=/home/vagrant/.profile force=yes
+
+    - name: yum update
+      yum: name=* update_cache=yes state=latest
+
+    - name: repo ignore outdated postgres base
+      ini_file:
+        dest: /etc/yum.repos.d/CentOS-Base.repo
+        section: base
+        option: exclude=postgresql*
+
+    - name: repo ignore outdated postgres update
+      ini_file:
+        dest: /etc/yum.repos.d/CentOS-Base.repo
+        section: updates
+        option: exclude=postgresql*
+
+    - name: additional repos install
+      yum: name={{item}} state=latest
+      with_items:
+        - epel-release
+        - centos-release-SCL
+
+    # Remi yum repository.
+    - stat: path=/etc/yum.repos.d/remi.repo
+      register: remi_repo
+
+    - name: Download Remi repo.
+      get_url: url=http://rpms.famillecollet.com/enterprise/remi-release-6.rpm dest=/tmp/
+      when: remi_repo.stat.exists == False
+
+    - name: Install Remi repo.
+      command: rpm -Uvh --force /tmp/remi-release-6.rpm creates=/etc/yum.repos.d/remi.repo
+
+    - name : delete remi rpm
+      file: path=/tmp/remi-release-6.rpm state=absent
+
+    # postgres yum repository.
+    - stat: path=/etc/yum.repos.d/pgdg-94-centos.repo
+      register: postgres_repo
+
+    - name: Download Postgres repo.
+      get_url: url=http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-1.noarch.rpm dest=/tmp/
+      when: postgres_repo.stat.exists == False
+
+    - name: Install postgres repo.
+      command: rpm -Uvh --force /tmp/pgdg-centos94-9.4-1.noarch.rpm creates=/etc/yum.repos.d/pgdg-94-centos.repo
+
+    - name : delete postgres rpm
+      file: path=/tmp/pgdg-centos94-9.4-1.noarch.rpm state=absent
+
+    - name: additional repos install epel
+      ini_file:
+        dest: /etc/yum.repos.d/epel.repo
+        section: epel
+        option: enabled
+        value: 1
+
+    - name: yum update after repos
+      yum: name=* update_cache=yes state=latest
+
+    #TODO install alternative packages
+    - name: install libs
+      yum: name={{item}} state=latest enablerepo=remi
+      with_items:
+        - nginx
+        - postgresql94-server
+        - python-psycopg2
+        - htop
+        - openssl
+        - php
+        - php-cli
+        - php-fpm
+        - php-mbstring
+        - php-mcrypt
+        - php-curl
+        - php-gd
+        - php-json
+        - php-pgsql
+        - php-xml
+        - java-1.8.0-openjdk
+        - tomcat6
+
+#TODO: check php-fpm config in /etc/php5/fpm/...
+
+#    - name: Start the services
+#      service: name={{item}} state=started enabled=true
+#      with_items:
+#        - postgres
+#        - nginx
+#        - tomcat
+
+## php-fpm config
+
+# set fpm user to nginx
+# authoroze /var/log/php-fpm
+    - name: copy sysconfig for php-fpm
+      copy: src=files/sysconfig_php-fpm dest=/etc/sysconfig/php-fpm
+    - name: set /var/log/php-fpm permission
+      file: path=/var/log/php-fpm/ state=directory owner=nginx group=nginx
+
+    - name: set php-fpm listen to socket
+      lineinfile:
+        dest: /etc/php-fpm.d/www.conf
+        regexp: '^listen\s*='
+        line: 'listen = /var/run/php-fpm/php-fpm.sock'
+        state: present
+
+    - name: set php-fpm user
+      lineinfile:
+        dest: /etc/php-fpm.d/www.conf
+        regexp: '^user\s*='
+        line: 'user = nginx'
+        state: present
+
+    - name: set php-fpm group
+      lineinfile:
+        dest: /etc/php-fpm.d/www.conf
+        regexp: '^group\s*='
+        line: 'group = nginx'
+        state: present
+
+    - name: set php-fpm user
+      lineinfile:
+        dest: /etc/php-fpm.d/www.conf
+        regexp: '^;listen.owner\s*='
+        line: 'listen.owner = nginx'
+        state: present
+
+    - name: set php-fpm group
+      lineinfile:
+        dest: /etc/php-fpm.d/www.conf
+        regexp: '^;listen.group\s*='
+        line: 'listen.group = nginx'
+        state: present
+
+    - name: set php-fpm permission
+      lineinfile:
+        dest: /etc/php-fpm.d/www.conf
+        regexp: '^;listen.mode\s*='
+        line: 'listen.mode = 0660'
+        state: present
+
+
+    - name: restart php-fpm
+      service: name=php-fpm state=restarted enabled=yes
+
+
+## nginx config
+
+    - name: create ssl folder
+      file: path=/etc/nginx/ssl state=directory mode=0700
+    - name: generate ssl key
+      command: openssl genrsa -out "/etc/nginx/ssl/{{ site_name }}.key" 1024
+      args:
+        creates: /etc/nginx/ssl/{{ site_name }}.key
+    - name: generate ssl csr
+      command: openssl req -new -key /etc/nginx/ssl/{{ site_name }}.key -out /etc/nginx/ssl/{{ site_name }}.csr -subj "/CN={{ site_name }}/O=Vagrant/C=UK"
+      args:
+        creates: /etc/nginx/ssl/{{ site_name }}.csr
+    - name: generate ssl certificate
+      command: openssl x509 -req -days 365 -in /etc/nginx/ssl/{{ site_name }}.csr -signkey /etc/nginx/ssl/{{ site_name }}.key -out /etc/nginx/ssl/{{ site_name }}.crt
+      args:
+        creates: /etc/nginx/ssl/{{ site_name }}.crt
+
+    - name: change nginx default
+      template: src=files/site.j2 dest=/etc/nginx/nginx.conf mode=0644 force=yes
+
+    - name: restart nginx
+      service: name=nginx state=restarted enabled=yes
+
+
+## postgres
+    - name: set postgresql to start
+      service: name=postgresql-9.4 enabled=yes
+
+    - name: postgresql initdb
+      command: service postgresql-9.4 initdb
+      args:
+        creates: /var/lib/pgsql/9.4/data/postgresql.conf
+
+## configure tomcat
+
+    - name: set JAVA_HOME
+      lineinfile:
+        dest: /etc/tomcat6/tomcat6.conf
+        regexp: '^\#JAVA_HOME='
+        line: JAVA_HOME="/etc/alternatives/jre_1.8.0"
+        state: present
+
+## Install sesame
+    - stat: path=/var/lib/tomcat6/webapps/openrdf-sesame.war
+      register: sesame_jar
+
+    - name: download sesame
+      get_url: url=http://sourceforge.net/projects/sesame/files/Sesame%202/2.8.3/openrdf-sesame-2.8.3-sdk.tar.gz/download dest=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz
+      when: sesame_jar.stat.exists == False
+
+    - name: create sesame untar dest
+      file: path=/tmp/openrdf-sesame-2.8.3-sdk state=directory
+      when: sesame_jar.stat.exists == False
+
+    - name: unarchive sesame
+      unarchive: src=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz dest=/tmp/openrdf-sesame-2.8.3-sdk copy=false
+      when: sesame_jar.stat.exists == False
+
+    - name: deploy sesame jar
+      shell: cp /tmp/openrdf-sesame-2.8.3-sdk/openrdf-sesame-2.8.3/war/*.war /var/lib/tomcat6/webapps/
+      when: sesame_jar.stat.exists == False
+
+    - name: create sesame data folder
+      file: path=/var/lib/sesame/data state=directory owner=tomcat group=tomcat
+      when: sesame_jar.stat.exists == False
+
+    - name: update tomcat config
+      lineinfile:
+        dest: /etc/tomcat6/tomcat6.conf
+        line: 'JAVA_OPTS=\"${JAVA_OPTS} -Dinfo.aduna.platform.appdata.basedir=/var/lib/sesame/data\"'
+        state: present
+      when: sesame_jar.stat.exists == False
+
+    - name: restart tomcat
+      service: name=tomcat6 state=restarted enabled=yes
+      when: sesame_jar.stat.exists == False
+
+    - name : delete sesame archive
+      file: path=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz state=absent
+
+    - name : delete sesame untar
+      file: path=/tmp/openrdf-sesame-2.8.3-sdk state=absent
+
+
+#set postgresql local access to trust
+    - name: add trust access for postgresql user
+      lineinfile:
+        dest: /var/lib/pgsql/9.4/data/pg_hba.conf
+        regexp: '^host\s+all\s+postgres\s+.127\.0\.0\.1\/32\s+trust$'
+        insertafter: '^#\sIPv4\slocal.+'
+        line: 'host   all             postgres        127.0.0.1/32            trust'
+
+    - name: postgresql start
+      service: name=postgresql-9.4 state=started
+
+    - name: Create database user
+      postgresql_user: name={{ db_user }} password={{ db_password }} state=present
+      sudo: yes
+      sudo_user: postgres
+
+    - name: create database
+      postgresql_db: name={{ db_name }} encoding=utf8 owner={{ db_user }} state=present
+      sudo: yes
+      sudo_user: postgres
+
+    - name: restart postgres
+      service: name=postgresql-9.4 state=restarted
+
+## Install dev dependencies
+
+    - name: install dev tools
+      yum: name="{{item}}" state=latest
+      with_items:
+        - "@Development tools"
+
+    #install composer
+    - stat: path=/usr/local/bin/composer
+      register: composer_bin
+
+    - name: install composer
+      shell: curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin
+      when: composer_bin.stat.exists == False
+    - name: rename composer
+      command: mv /usr/local/bin/composer.phar /usr/local/bin/composer
+      when: composer_bin.stat.exists == False
+
+    #install node
+    - stat: path=/usr/bin/node
+      register: node_bin
+
+    - name: install node rpm
+      shell: curl -sL https://rpm.nodesource.com/setup | bash -
+      when: node_bin.stat.exists == False
+    - name: install node
+      yum: name=nodejs state=latest
+      when: node_bin.stat.exists == False
+
+## open ports
+    - name: get iptables rules
+      shell: iptables -L
+      register: iptablesrules
+      always_run: yes
+      sudo: true
+
+    - name: add nginx http iptable rule
+      command: /sbin/iptables -I INPUT 1 -p tcp --dport http -j ACCEPT -m comment --comment "nginx 80"
+      sudo: true
+      when: iptablesrules.stdout.find("nginx 80") == -1
+
+    - name: add nginx http iptable rule
+      command: /sbin/iptables -I INPUT 1 -p tcp --dport https -j ACCEPT -m comment --comment "nginx 443"
+      sudo: true
+      when: iptablesrules.stdout.find("nginx 443") == -1
+
+    - name: add postgresql iptable rule
+      command: /sbin/iptables -I INPUT 1 -p tcp --dport 5432 -j ACCEPT -m comment --comment "postgresql"
+      sudo: true
+      when: iptablesrules.stdout.find("postgresql") == -1
+
+    - name: add tomcat iptable rule
+      command: /sbin/iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT -m comment --comment "tomcat"
+      sudo: true
+      when: iptablesrules.stdout.find("tomcat") == -1
+
+    - name: save iptables
+      command: service iptables save
+      sudo: true
+
+    - name: restart iptables
+      service: name=iptables state=restarted
+      sudo: true
+
+  handlers:
+    - name: nginx-restart
+      action: service name=nginx update_cache=yes state=latest
+
+
+# - name: install nginx
+#   apt: name=nginx
+#
+# - name: change nginx default
+#   copy: src=files/default dest=/etc/nginx/sites-available/ mode=0644 force=yes
+#
+# - name: install software-properties-common
+#   apt: name=software-properties-common
+#
+# - name: add repo
+#   copy: src=files/mariadb.list dest=/etc/apt/sources.list.d/
+#   register: mariadb_repo_present
+#
+# - name: add repokey
+#   command: apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
+#   when: mariadb_repo_present.changed
+#
+# - name: apt install mariadb
+#   apt: name={{item}} update_cache=yes
+#   with_items:
+#     - mysql-common=5.1.67-mariadb122~precise
+#     - libmariadbclient16=5.1.67-mariadb122~precise
+#     - mariadb-client-core-5.1=5.1.67-mariadb122~precise
+#     -
+#     - mariadb-server
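Review bot: The `Download Remi repo.` and `Download Postgres repo.` tasks fetch release RPMs over plain `http://` with no checksum, and the next tasks install them as root with `rpm -Uvh --force`. Anyone able to alter the transfer therefore controls the repository definitions that every later `yum` task trusts. The `download sesame` tarball deployed into Tomcat has the same gap, and the Composer and NodeSource steps pipe an unpinned remote script straight into `php` / `bash`. Pin each artifact with `get_url`'s `sha256sum=` (`checksum=` on newer Ansible), use HTTPS where the mirror offers it, and save installer scripts to a file for verification before running them, as sketched below. Separately, `openssl genrsa ... 1024` in `generate ssl key` should request at least `2048` bits.

```yaml
    - name: Download Remi repo.
      get_url:
        # HTTPS availability on this mirror is assumed; confirm before merging
        url: https://rpms.famillecollet.com/enterprise/remi-release-6.rpm
        dest: /tmp/
        # placeholder: record the digest from a trusted copy of the RPM
        sha256sum: "<SHA256_OF_REMI_RELEASE_RPM>"
      when: remi_repo.stat.exists == False

    # … unchanged: Install Remi repo. / delete remi rpm; pin "Download Postgres repo." and "download sesame" the same way …

    - name: download composer installer
      get_url:
        url: https://getcomposer.org/installer
        dest: /tmp/composer-setup.php
        # placeholder: update whenever the pinned installer version changes
        sha256sum: "<SHA256_OF_COMPOSER_INSTALLER>"
      when: composer_bin.stat.exists == False
    - name: install composer
      command: php /tmp/composer-setup.php --install-dir=/usr/local/bin
      when: composer_bin.stat.exists == False
```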