--- a/dev/provisioning/playbook.yml Fri Jan 15 15:27:56 2016 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,387 +0,0 @@
----
-- hosts: all
-
- vars:
-
- # These are the Wordpress database settings
- db_name: corpus
- db_user: corpus
- db_password: md5bf687edf8c06f3f1aa3759c82c1217a0
-
- tasks:
-# - name: install language pack
-# command: localedef -v -c -i en_US -f UTF-8 en_US.UTF-8
-
- - name: set hostname
- hostname: name={{site_name}}
- - name: set hosts IPv4
- lineinfile:
- dest: /etc/hosts
- line: 127.0.0.1 corpus-parole corpus-parole.local
- - name: set hosts IPv6
- lineinfile:
- dest: /etc/hosts
- line: ::1 corpus-parole corpus-parole.local
-
- - name: ensure correct locale LC_ALL
- lineinfile: dest=/etc/sysconfig/i18n regexp=^LC_ALL= line=LC_ALL="en_US.UTF-8"
- - name: ensure correct locale LANG
- lineinfile: dest=/etc/sysconfig/i18n regexp=^LANG= line=LANG="en_US.UTF-8"
-
- # - name: set .bashrc
- # copy: src=files/.bashrc dest=/home/vagrant/.bashrc force=yes
- # - name: set .profile
- # copy: src=files/.profile dest=/home/vagrant/.profile force=yes
-
- - name: check yum base last update
- stat: path=/var/cache/yum/x86_64/6/base/cachecookie
- register: yum_cache_stat_base
-
- - name: yum update
- yum: name=* update_cache=yes state=latest
-# when: ansible_date_time.epoch|float - yum_cache_stat_base.stat.mtime > 60*60*12*24
-
- - name: repo ignore outdated postgres base
- ini_file:
- dest: /etc/yum.repos.d/CentOS-Base.repo
- section: base
- option: exclude=postgresql*
-
- - name: repo ignore outdated postgres update
- ini_file:
- dest: /etc/yum.repos.d/CentOS-Base.repo
- section: updates
- option: exclude=postgresql*
-
- - name: additional repos install
- yum: name={{item}} state=latest
- with_items:
- - epel-release
- - centos-release-SCL
-
- # Remi yum repository.
- - stat: path=/etc/yum.repos.d/remi.repo
- register: remi_repo
-
- - name: Download Remi repo.
- get_url: url=http://rpms.famillecollet.com/enterprise/remi-release-6.rpm dest=/tmp/
- when: remi_repo.stat.exists == False
-
- - name: Install Remi repo.
- command: rpm -Uvh --force /tmp/remi-release-6.rpm creates=/etc/yum.repos.d/remi.repo
- when: remi_repo.stat.exists == False
-
- - name : delete remi rpm
- file: path=/tmp/remi-release-6.rpm state=absent
-
- # postgres yum repository.
- - stat: path=/etc/yum.repos.d/pgdg-94-centos.repo
- register: postgres_repo
-
- - name: Download Postgres repo.
- get_url: url=http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-1.noarch.rpm dest=/tmp/
- when: postgres_repo.stat.exists == False
-
- - name: Install postgres repo.
- command: rpm -Uvh --force /tmp/pgdg-centos94-9.4-1.noarch.rpm creates=/etc/yum.repos.d/pgdg-94-centos.repo
- when: postgres_repo.stat.exists == False
-
- - name : delete postgres rpm
- file: path=/tmp/pgdg-centos94-9.4-1.noarch.rpm state=absent
-
- - name: additional repos install epel
- ini_file:
- dest: /etc/yum.repos.d/epel.repo
- section: epel
- option: enabled
- value: 1
-
- - name: check yum epel last update
- stat: path=/var/cache/yum/x86_64/6/epel/cachecookie
- register: yum_cache_stat_epel
-
- - name: yum update after repos
- yum: name=* update_cache=yes state=latest
-# when: ansible_date_time.epoch|float - yum_cache_stat_epel.stat.mtime > 60*60*12*24
-
- #TODO install alternative packages
- - name: install libs
- yum: name={{item}} state=latest enablerepo=remi
- with_items:
- - nginx
- - postgresql94-server
- - python-psycopg2
- - htop
- - openssl
- - php56
- - php56-php-fpm
- - php56-php-mbstring
- - php56-php-mcrypt
- - php56-php-gd
- - php56-php-pgsql
- - java-1.8.0-openjdk
- - tomcat
-
-
-## php-fpm config
-
-# set fpm user to nginx
-# authorize /var/log/php-fpm
- - name: copy sysconfig for php-fpm
- copy: src=files/sysconfig_php-fpm dest=/opt/remi/php56/root/etc/sysconfig/php-fpm
- - name: set /opt/remi/php56/root/var/log/php-fpm permission
- file: path=/opt/remi/php56/root/var/log/php-fpm/ state=directory owner=nginx group=nginx
-
- - name: set php-fpm listen to socket
- lineinfile:
- dest: /opt/remi/php56/root/etc/php-fpm.d/www.conf
- regexp: '^listen\s*='
- line: 'listen = /opt/remi/php56/root/var/run/php-fpm/php-fpm.sock'
- state: present
-
- - name: set php-fpm user
- lineinfile:
- dest: /opt/remi/php56/root/etc/php-fpm.d/www.conf
- regexp: '^user\s*='
- line: 'user = nginx'
- state: present
-
- - name: set php-fpm group
- lineinfile:
- dest: /opt/remi/php56/root/etc/php-fpm.d/www.conf
- regexp: '^group\s*='
- line: 'group = nginx'
- state: present
-
- - name: set php-fpm user
- lineinfile:
- dest: /opt/remi/php56/root/etc/php-fpm.d/www.conf
- regexp: '^;listen.owner\s*='
- line: 'listen.owner = nginx'
- state: present
-
- - name: set php-fpm group
- lineinfile:
- dest: /opt/remi/php56/root/etc/php-fpm.d/www.conf
- regexp: '^;listen.group\s*='
- line: 'listen.group = nginx'
- state: present
-
- - name: set php-fpm permission
- lineinfile:
- dest: /opt/remi/php56/root/etc/php-fpm.d/www.conf
- regexp: '^;listen.mode\s*='
- line: 'listen.mode = 0660'
- state: present
-
- - name: add link to php56 fpm log
- file: path=/var/log/php56-php-fpm src=/opt/remi/php56/root/var/log/php-fpm state=link
-
- - name: restart php-fpm
- service: name=php56-php-fpm state=restarted enabled=yes
-
-
-## nginx config
-
- - name: create ssl folder
- file: path=/etc/nginx/ssl state=directory mode=0700
- - name: generate ssl key
- command: openssl genrsa -out "/etc/nginx/ssl/{{ site_name }}.key" 1024
- args:
- creates: /etc/nginx/ssl/{{ site_name }}.key
- - name: generate ssl csr
- command: openssl req -new -key /etc/nginx/ssl/{{ site_name }}.key -out /etc/nginx/ssl/{{ site_name }}.csr -subj "/CN={{ site_name }}/O=MCC/C=FR"
- args:
- creates: /etc/nginx/ssl/{{ site_name }}.csr
- - name: generate ssl certificate
- command: openssl x509 -req -days 365 -in /etc/nginx/ssl/{{ site_name }}.csr -signkey /etc/nginx/ssl/{{ site_name }}.key -out /etc/nginx/ssl/{{ site_name }}.crt
- args:
- creates: /etc/nginx/ssl/{{ site_name }}.crt
-
- - name: change nginx default
- template: src=files/site.j2 dest=/etc/nginx/nginx.conf mode=0644 force=yes
-
- - name: restart nginx
- service: name=nginx state=restarted enabled=yes
-
-
-## postgres
- - name: set postgresql to start
- service: name=postgresql-9.4 enabled=yes
-
- - name: postgresql initdb
- command: service postgresql-9.4 initdb
- args:
- creates: /var/lib/pgsql/9.4/data/postgresql.conf
-
-## configure tomcat
-
- - name: set JAVA_HOME
- lineinfile:
- dest: /etc/tomcat/tomcat.conf
- regexp: '^\#?JAVA_HOME='
- line: JAVA_HOME="/etc/alternatives/jre_1.8.0"
- state: present
-
- - name: set parseBodyMethods to add POST
- lineinfile:
- dest: /etc/tomcat/server.xml
- regexp: '^\s+\<Connector\s+port=\"8080\"\s+protocol=\"HTTP\/1.1\"\s*$'
- line: ' <Connector port="8080" protocol="HTTP/1.1" parseBodyMethods="POST,PUT"'
- state: present
-
-## Install sesame
- - stat: path=/var/lib/tomcat/webapps/openrdf-sesame.war
- register: sesame_jar
-
- - name: download sesame
- get_url: url=http://sourceforge.net/projects/sesame/files/Sesame%204/4.0.0/openrdf-sesame-4.0.0-sdk.tar.gz/download dest=/tmp/openrdf-sesame-4.0.0-sdk.tar.gz
- when: sesame_jar.stat.exists == False
-
- - name: create sesame untar dest
- file: path=/tmp/openrdf-sesame-4.0.0-sdk state=directory
- when: sesame_jar.stat.exists == False
-
- - name: unarchive sesame
- unarchive: src=/tmp/openrdf-sesame-4.0.0-sdk.tar.gz dest=/tmp/openrdf-sesame-4.0.0-sdk copy=false
- when: sesame_jar.stat.exists == False
-
- - name: deploy sesame jar
- shell: cp /tmp/openrdf-sesame-4.0.0-sdk/openrdf-sesame-4.0.0/war/*.war /var/lib/tomcat/webapps/
- when: sesame_jar.stat.exists == False
-
- - name: create sesame data folder
- file: path=/var/lib/sesame/data state=directory owner=tomcat group=tomcat
- when: sesame_jar.stat.exists == False
-
- - name: update tomcat config
- lineinfile:
- dest: /etc/tomcat/tomcat.conf
- line: 'JAVA_OPTS=\"${JAVA_OPTS} -Dinfo.aduna.platform.appdata.basedir=/var/lib/sesame/data -Xms512m -Xmx512m\"'
- state: present
- when: sesame_jar.stat.exists == False
-
- - name: restart tomcat
- service: name=tomcat state=restarted enabled=yes
- when: sesame_jar.stat.exists == False
-
- - name : delete sesame archive
- file: path=/tmp/openrdf-sesame-4.0.0-sdk.tar.gz state=absent
-
- - name : delete sesame untar
- file: path=/tmp/openrdf-sesame-4.0.0-sdk state=absent
-
-
-#set postgresql local access to trust
- - name: add trust access for postgresql user
- lineinfile:
- dest: /var/lib/pgsql/9.4/data/pg_hba.conf
- regexp: '^host\s+all\s+postgres\s+.127\.0\.0\.1\/32\s+trust$'
- insertafter: '^#\sIPv4\slocal.+'
- line: 'host all postgres 127.0.0.1/32 trust'
-
- - name: postgresql start
- service: name=postgresql-9.4 state=started
-
- - name: Create database user
- postgresql_user: name={{ db_user }} password={{ db_password }} state=present
- sudo: yes
- sudo_user: postgres
-
- - name: create database
- postgresql_db: name={{ db_name }} encoding=utf8 owner={{ db_user }} state=present
- sudo: yes
- sudo_user: postgres
-
- - name: restart postgres
- service: name=postgresql-9.4 state=restarted
-
-## Install dev dependencies
-
- - name: install dev tools
- yum: name="{{item}}" state=latest
- with_items:
- - "@Development tools"
-
- #install composer
- - stat: path=/usr/local/bin/composer
- register: composer_bin
-
- - name: install composer
- shell: curl -sS https://getcomposer.org/installer | scl enable php56 'php -- --install-dir=/usr/local/bin'
- when: composer_bin.stat.exists == False
- - name: link composer
- file: path=/usr/local/bin/composer src=/usr/local/bin/composer.phar state=link
- when: composer_bin.stat.exists == False
-
- #install node
- - stat: path=/usr/bin/node
- register: node_bin
-
- - name: install node rpm
- shell: curl -sL https://rpm.nodesource.com/setup | bash -
- when: node_bin.stat.exists == False
- - name: install node
- yum: name=nodejs state=latest
- when: node_bin.stat.exists == False
-
-## open ports
- - name: get iptables rules
- shell: iptables -L
- register: iptablesrules
- always_run: yes
- sudo: true
-
- - name: add nginx http iptable rule
- command: /sbin/iptables -I INPUT 1 -p tcp --dport http -j ACCEPT -m comment --comment "nginx 80"
- sudo: true
- when: iptablesrules.stdout.find("nginx 80") == -1
-
- - name: add nginx http iptable rule
- command: /sbin/iptables -I INPUT 1 -p tcp --dport https -j ACCEPT -m comment --comment "nginx 443"
- sudo: true
- when: iptablesrules.stdout.find("nginx 443") == -1
-
- - name: add postgresql iptable rule
- command: /sbin/iptables -I INPUT 1 -p tcp --dport 5432 -j ACCEPT -m comment --comment "postgresql"
- sudo: true
- when: iptablesrules.stdout.find("postgresql") == -1
-
- - name: add tomcat iptable rule
- command: /sbin/iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT -m comment --comment "tomcat"
- sudo: true
- when: iptablesrules.stdout.find("tomcat") == -1
-
- - name: save iptables
- command: service iptables save
- sudo: true
-
- - name: restart iptables
- service: name=iptables state=restarted
- sudo: true
-
-# - name: install nginx
-# apt: name=nginx
-#
-# - name: change nginx default
-# copy: src=files/default dest=/etc/nginx/sites-available/ mode=0644 force=yes
-#
-# - name: install software-properties-common
-# apt: name=software-properties-common
-#
-# - name: add repo
-# copy: src=files/mariadb.list dest=/etc/apt/sources.list.d/
-# register: mariadb_repo_present
-#
-# - name: add repokey
-# command: apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
-# when: mariadb_repo_present.changed
-#
-# - name: apt install mariadb
-# apt: name={{item}} update_cache=yes
-# with_items:
-# - mysql-common=5.1.67-mariadb122~precise
-# - libmariadbclient16=5.1.67-mariadb122~precise
-# - mariadb-client-core-5.1=5.1.67-mariadb122~precise
-# -
-# - mariadb-server