diff -r 279124b91971 -r 01a844d292ac dev/provisioning/playbook.yml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dev/provisioning/playbook.yml Mon Jun 15 19:30:32 2015 +0200
@@ -0,0 +1,377 @@
+---
+- hosts: all
+
+ vars:
+
+ # These are the Wordpress database settings
+ db_name: corpus
+ db_user: corpus
+ db_password: md5bf687edf8c06f3f1aa3759c82c1217a0
+
+ site_name: corpus-parole.local
+
+ tasks:
+# - name: install language pack
+# command: localedef -v -c -i en_US -f UTF-8 en_US.UTF-8
+
+ - name: set hostname
+ hostname: name={{site_name}}
+
+ - name: ensure correct locale LC_ALL
+ lineinfile: dest=/etc/sysconfig/i18n regexp=^LC_ALL= line=LC_ALL="en_US.UTF-8"
+ - name: ensure correct locale LANG
+ lineinfile: dest=/etc/sysconfig/i18n regexp=^LANG= line=LANG="en_US.UTF-8"
+
+ - name: set .bashrc
+ copy: src=files/.bashrc dest=/home/vagrant/.bashrc force=yes
+ - name: set .profile
+ copy: src=files/.profile dest=/home/vagrant/.profile force=yes
+
+ - name: yum update
+ yum: name=* update_cache=yes state=latest
+
+ - name: repo ignore outdated postgres base
+ ini_file:
+ dest: /etc/yum.repos.d/CentOS-Base.repo
+ section: base
+ option: exclude=postgresql*
+
+ - name: repo ignore outdated postgres update
+ ini_file:
+ dest: /etc/yum.repos.d/CentOS-Base.repo
+ section: updates
+ option: exclude=postgresql*
+
+ - name: additional repos install
+ yum: name={{item}} state=latest
+ with_items:
+ - epel-release
+ - centos-release-SCL
+
+ # Remi yum repository.
+ - stat: path=/etc/yum.repos.d/remi.repo
+ register: remi_repo
+
+ - name: Download Remi repo.
+ get_url: url=http://rpms.famillecollet.com/enterprise/remi-release-6.rpm dest=/tmp/
+ when: remi_repo.stat.exists == False
+
+ - name: Install Remi repo.
+ command: rpm -Uvh --force /tmp/remi-release-6.rpm creates=/etc/yum.repos.d/remi.repo
+
+ - name : delete remi rpm
+ file: path=/tmp/remi-release-6.rpm state=absent
+
+ # postgres yum repository.
+ - stat: path=/etc/yum.repos.d/pgdg-94-centos.repo
+ register: postgres_repo
+
+ - name: Download Postgres repo.
+ get_url: url=http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-1.noarch.rpm dest=/tmp/
+ when: postgres_repo.stat.exists == False
+
+ - name: Install postgres repo.
+ command: rpm -Uvh --force /tmp/pgdg-centos94-9.4-1.noarch.rpm creates=/etc/yum.repos.d/pgdg-94-centos.repo
+
+ - name : delete postgres rpm
+ file: path=/tmp/pgdg-centos94-9.4-1.noarch.rpm state=absent
+
+ - name: additional repos install epel
+ ini_file:
+ dest: /etc/yum.repos.d/epel.repo
+ section: epel
+ option: enabled
+ value: 1
+
+ - name: yum update after repos
+ yum: name=* update_cache=yes state=latest
+
+ #TODO install alternative packages
+ - name: install libs
+ yum: name={{item}} state=latest enablerepo=remi
+ with_items:
+ - nginx
+ - postgresql94-server
+ - python-psycopg2
+ - htop
+ - openssl
+ - php
+ - php-cli
+ - php-fpm
+ - php-mbstring
+ - php-mcrypt
+ - php-curl
+ - php-gd
+ - php-json
+ - php-pgsql
+ - php-xml
+ - java-1.8.0-openjdk
+ - tomcat6
+
+#TODO: check php-fpm config in /etc/php5/fpm/...
+
+# - name: Start the services
+# service: name={{item}} state=started enabled=true
+# with_items:
+# - postgres
+# - nginx
+# - tomcat
+
+## php-fpm config
+
+# set fpm user to nginx
+# authoroze /var/log/php-fpm
+ - name: copy sysconfig for php-fpm
+ copy: src=files/sysconfig_php-fpm dest=/etc/sysconfig/php-fpm
+ - name: set /var/log/php-fpm permission
+ file: path=/var/log/php-fpm/ state=directory owner=nginx group=nginx
+
+ - name: set php-fpm listen to socket
+ lineinfile:
+ dest: /etc/php-fpm.d/www.conf
+ regexp: '^listen\s*='
+ line: 'listen = /var/run/php-fpm/php-fpm.sock'
+ state: present
+
+ - name: set php-fpm user
+ lineinfile:
+ dest: /etc/php-fpm.d/www.conf
+ regexp: '^user\s*='
+ line: 'user = nginx'
+ state: present
+
+ - name: set php-fpm group
+ lineinfile:
+ dest: /etc/php-fpm.d/www.conf
+ regexp: '^group\s*='
+ line: 'group = nginx'
+ state: present
+
+ - name: set php-fpm user
+ lineinfile:
+ dest: /etc/php-fpm.d/www.conf
+ regexp: '^;listen.owner\s*='
+ line: 'listen.owner = nginx'
+ state: present
+
+ - name: set php-fpm group
+ lineinfile:
+ dest: /etc/php-fpm.d/www.conf
+ regexp: '^;listen.group\s*='
+ line: 'listen.group = nginx'
+ state: present
+
+ - name: set php-fpm permission
+ lineinfile:
+ dest: /etc/php-fpm.d/www.conf
+ regexp: '^;listen.mode\s*='
+ line: 'listen.mode = 0660'
+ state: present
+
+
+ - name: restart php-fpm
+ service: name=php-fpm state=restarted enabled=yes
+
+
+## nginx config
+
+ - name: create ssl folder
+ file: path=/etc/nginx/ssl state=directory mode=0700
+ - name: generate ssl key
+ command: openssl genrsa -out "/etc/nginx/ssl/{{ site_name }}.key" 1024
+ args:
+ creates: /etc/nginx/ssl/{{ site_name }}.key
+ - name: generate ssl csr
+ command: openssl req -new -key /etc/nginx/ssl/{{ site_name }}.key -out /etc/nginx/ssl/{{ site_name }}.csr -subj "/CN={{ site_name }}/O=Vagrant/C=UK"
+ args:
+ creates: /etc/nginx/ssl/{{ site_name }}.csr
+ - name: generate ssl certificate
+ command: openssl x509 -req -days 365 -in /etc/nginx/ssl/{{ site_name }}.csr -signkey /etc/nginx/ssl/{{ site_name }}.key -out /etc/nginx/ssl/{{ site_name }}.crt
+ args:
+ creates: /etc/nginx/ssl/{{ site_name }}.crt
+
+ - name: change nginx default
+ template: src=files/site.j2 dest=/etc/nginx/nginx.conf mode=0644 force=yes
+
+ - name: restart nginx
+ service: name=nginx state=restarted enabled=yes
+
+
+## postgres
+ - name: set postgresql to start
+ service: name=postgresql-9.4 enabled=yes
+
+ - name: postgresql initdb
+ command: service postgresql-9.4 initdb
+ args:
+ creates: /var/lib/pgsql/9.4/data/postgresql.conf
+
+## configure tomcat
+
+ - name: set JAVA_HOME
+ lineinfile:
+ dest: /etc/tomcat6/tomcat6.conf
+ regexp: '^\#JAVA_HOME='
+ line: JAVA_HOME="/etc/alternatives/jre_1.8.0"
+ state: present
+
+## Install sesame
+ - stat: path=/var/lib/tomcat6/webapps/openrdf-sesame.war
+ register: sesame_jar
+
+ - name: download sesame
+ get_url: url=http://sourceforge.net/projects/sesame/files/Sesame%202/2.8.3/openrdf-sesame-2.8.3-sdk.tar.gz/download dest=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz
+ when: sesame_jar.stat.exists == False
+
+ - name: create sesame untar dest
+ file: path=/tmp/openrdf-sesame-2.8.3-sdk state=directory
+ when: sesame_jar.stat.exists == False
+
+ - name: unarchive sesame
+ unarchive: src=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz dest=/tmp/openrdf-sesame-2.8.3-sdk copy=false
+ when: sesame_jar.stat.exists == False
+
+ - name: deploy sesame jar
+ shell: cp /tmp/openrdf-sesame-2.8.3-sdk/openrdf-sesame-2.8.3/war/*.war /var/lib/tomcat6/webapps/
+ when: sesame_jar.stat.exists == False
+
+ - name: create sesame data folder
+ file: path=/var/lib/sesame/data state=directory owner=tomcat group=tomcat
+ when: sesame_jar.stat.exists == False
+
+ - name: update tomcat config
+ lineinfile:
+ dest: /etc/tomcat6/tomcat6.conf
+ line: 'JAVA_OPTS=\"${JAVA_OPTS} -Dinfo.aduna.platform.appdata.basedir=/var/lib/sesame/data\"'
+ state: present
+ when: sesame_jar.stat.exists == False
+
+ - name: restart tomcat
+ service: name=tomcat6 state=restarted enabled=yes
+ when: sesame_jar.stat.exists == False
+
+ - name : delete sesame archive
+ file: path=/tmp/openrdf-sesame-2.8.3-sdk.tar.gz state=absent
+
+ - name : delete sesame untar
+ file: path=/tmp/openrdf-sesame-2.8.3-sdk state=absent
+
+
+#set postgresql local access to trust
+ - name: add trust access for postgresql user
+ lineinfile:
+ dest: /var/lib/pgsql/9.4/data/pg_hba.conf
+ regexp: '^host\s+all\s+postgres\s+.127\.0\.0\.1\/32\s+trust$'
+ insertafter: '^#\sIPv4\slocal.+'
+ line: 'host all postgres 127.0.0.1/32 trust'
+
+ - name: postgresql start
+ service: name=postgresql-9.4 state=started
+
+ - name: Create database user
+ postgresql_user: name={{ db_user }} password={{ db_password }} state=present
+ sudo: yes
+ sudo_user: postgres
+
+ - name: create database
+ postgresql_db: name={{ db_name }} encoding=utf8 owner={{ db_user }} state=present
+ sudo: yes
+ sudo_user: postgres
+
+ - name: restart postgres
+ service: name=postgresql-9.4 state=restarted
+
+## Install dev dependencies
+
+ - name: install dev tools
+ yum: name="{{item}}" state=latest
+ with_items:
+ - "@Development tools"
+
+ #install composer
+ - stat: path=/usr/local/bin/composer
+ register: composer_bin
+
+ - name: install composer
+ shell: curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin
+ when: composer_bin.stat.exists == False
+ - name: rename composer
+ command: mv /usr/local/bin/composer.phar /usr/local/bin/composer
+ when: composer_bin.stat.exists == False
+
+ #install node
+ - stat: path=/usr/bin/node
+ register: node_bin
+
+ - name: install node rpm
+ shell: curl -sL https://rpm.nodesource.com/setup | bash -
+ when: node_bin.stat.exists == False
+ - name: install node
+ yum: name=nodejs state=latest
+ when: node_bin.stat.exists == False
+
+## open ports
+ - name: get iptables rules
+ shell: iptables -L
+ register: iptablesrules
+ always_run: yes
+ sudo: true
+
+ - name: add nginx http iptable rule
+ command: /sbin/iptables -I INPUT 1 -p tcp --dport http -j ACCEPT -m comment --comment "nginx 80"
+ sudo: true
+ when: iptablesrules.stdout.find("nginx 80") == -1
+
+ - name: add nginx http iptable rule
+ command: /sbin/iptables -I INPUT 1 -p tcp --dport https -j ACCEPT -m comment --comment "nginx 443"
+ sudo: true
+ when: iptablesrules.stdout.find("nginx 443") == -1
+
+ - name: add postgresql iptable rule
+ command: /sbin/iptables -I INPUT 1 -p tcp --dport 5432 -j ACCEPT -m comment --comment "postgresql"
+ sudo: true
+ when: iptablesrules.stdout.find("postgresql") == -1
+
+ - name: add tomcat iptable rule
+ command: /sbin/iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT -m comment --comment "tomcat"
+ sudo: true
+ when: iptablesrules.stdout.find("tomcat") == -1
+
+ - name: save iptables
+ command: service iptables save
+ sudo: true
+
+ - name: restart iptables
+ service: name=iptables state=restarted
+ sudo: true
+
+ handlers:
+ - name: nginx-restart
+ action: service name=nginx update_cache=yes state=latest
+
+
+# - name: install nginx
+# apt: name=nginx
+#
+# - name: change nginx default
+# copy: src=files/default dest=/etc/nginx/sites-available/ mode=0644 force=yes
+#
+# - name: install software-properties-common
+# apt: name=software-properties-common
+#
+# - name: add repo
+# copy: src=files/mariadb.list dest=/etc/apt/sources.list.d/
+# register: mariadb_repo_present
+#
+# - name: add repokey
+# command: apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
+# when: mariadb_repo_present.changed
+#
+# - name: apt install mariadb
+# apt: name={{item}} update_cache=yes
+# with_items:
+# - mysql-common=5.1.67-mariadb122~precise
+# - libmariadbclient16=5.1.67-mariadb122~precise
+# - mariadb-client-core-5.1=5.1.67-mariadb122~precise
+# -
+# - mariadb-server
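Review bot: The iptables tasks at the end open 5432 and 8080 to any source (`/sbin/iptables -I INPUT 1 -p tcp --dport 5432 -j ACCEPT`, likewise for 8080) while the pg_hba edit earlier in the hunk adds `host all postgres 127.0.0.1/32 trust`, so any local process (php-fpm, tomcat) can connect as the PostgreSQL superuser with no password, and the Sesame webapp copied into Tomcat — which nothing in this playbook puts behind authentication — becomes reachable from the network; drop the 5432/8080 rules or pin them to a trusted source with `-s <cidr>`, and revert `trust` to `md5`/`peer` once the user and database are created. The downloaded installers are not verified: the Remi and pgdg rpms come over plain `http://` and go through `rpm -Uvh --force` with no `rpm_key` import, the Sesame tarball from SourceForge has no `checksum=`, and composer/nodesource are installed with `curl ... | php` / `curl ... | bash`; at minimum add `checksum=sha256:<digest>` to each `get_url` task and import the repository GPG keys before installing. `db_password` is an md5-prefixed PostgreSQL password hash committed in the playbook; under `md5` auth that hash is itself sufficient to authenticate, so it is a plaintext-equivalent secret and belongs in a vault or untracked vars file. Separately, `openssl genrsa ... 1024` should be at least 2048, the `nginx-restart` handler passes yum arguments (`update_cache=yes state=latest`) to the `service` module and is never notified by any task, and `sudo: yes`/`sudo_user:` should be written as `become: true`/`become_user:`.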