Deploy ExecDB to the ResultsDB-dev-machine

2015-03-23 16:11:55 +00:00 · 2015-03-23 16:11:55 +00:00 · 24c7c84ad5
commit 24c7c84ad5
parent b4be4fe3d2
10 changed files with 143 additions and 5 deletions
--- a/roles/taskotron/execdb/tasks/main.yml
+++ b/roles/taskotron/execdb/tasks/main.yml
@ -0,0 +1,57 @@
+- name: ensure packages required for execdb are installed
+  action: yum name={{ item }} state=latest
+  with_items:
+    - execdb
+    - mod_wsgi
+    - python-psycopg2
+    - libsemanage-python
+
+- name: ensure database is created
+  delegate_to: "{{ execdb_db_host }}"
+  sudo_user: postgres
+  sudo: true
+  action: postgresql_db db={{ execdb_db_name }}
+
+- name: ensure dev execdb db user has access to dev database
+  when: deployment_type == 'dev'
+  delegate_to: "{{ execdb_db_host }}"
+  sudo_user: postgres
+  sudo: true
+  action: postgresql_user db={{ execdb_db_name }} user={{ dev_execdb_db_user }} password={{ dev_execdb_db_password }} role_attr_flags=NOSUPERUSER
+
+- name: ensure stg execdb db user has access to stg database
+  when: deployment_type == 'stg'
+  delegate_to: "{{ execdb_db_host }}"
+  sudo_user: postgres
+  sudo: true
+  action: postgresql_user db={{ execdb_db_name }} user={{ stg_execdb_db_user }} password={{ stg_execdb_db_password }} role_attr_flags=NOSUPERUSER
+
+- name: ensure prod execdb db user has access to prod database
+  when: deployment_type == 'prod'
+  delegate_to: "{{ execdb_db_host }}"
+  sudo_user: postgres
+  sudo: true
+  action: postgresql_user db={{ execdb_db_name }} user={{ prod_execdb_db_user }} password={{ prod_execdb_db_password }} role_attr_flags=NOSUPERUSER
+
+- name: ensure local execdb db user has access to prod database
+  when: deployment_type == 'local'
+  delegate_to: "{{ execdb_db_host }}"
+  sudo_user: postgres
+  sudo: true
+  action: postgresql_user db={{ execdb_db_name }} user={{ local_execdb_db_user }} password={{ local_execdb_db_password }} role_attr_flags=NOSUPERUSER
+
+- name: ensure selinux lets httpd talk to postgres
+  seboolean: name=httpd_can_network_connect_db persistent=yes state=yes
+
+- name: generate execdb config
+  template: src=settings.py.j2 dest=/etc/execdb/settings.py owner=root group=root mode=0644
+  notify:
+    - restart httpd
+
+- name: generate execdb apache config
+  template: src=execdb.conf.j2 dest=/etc/httpd/conf.d/execdb.conf owner=root group=root mode=0644
+  notify:
+    - restart httpd
+
+- name: initialize execdb database
+  shell: PROD='true' execdb init_db
--- a/roles/taskotron/execdb/templates/execdb.conf.j2
+++ b/roles/taskotron/execdb/templates/execdb.conf.j2
@ -0,0 +1,34 @@
+WSGIDaemonProcess execdb user=apache group=apache threads=5
+WSGIScriptAlias /{{ execdb_endpoint }} /usr/share/execdb/execdb.wsgi
+WSGISocketPrefix run/wsgi
+
+# this isn't the best way to force SSL but it works for now
+#RewriteEngine On
+#RewriteCond %{HTTPS} !=on
+#RewriteRule ^/execdb/admin/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+
+<Directory /usr/share/execdb>
+    WSGIProcessGroup execdb
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIScriptReloading On
+    <IfModule mod_authz_core.c>
+        # Apache 2.4
+        <RequireAny>
+            Require method GET
+            Require ip 127.0.0.1 ::1{% for host in allowed_hosts %} {{ host }}{% endfor %}
+
+        </RequireAny>
+    </IfModule>
+    <IfModule !mod_auth_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+</Directory>
+
+#Alias /execdb/static /var/www/execdb/execdb/static
+
+#<Directory /var/www/execdb/execdb/static>
+#Order allow,deny
+#Allow from all
+#</Directory>
--- a/roles/taskotron/execdb/templates/settings.py.j2
+++ b/roles/taskotron/execdb/templates/settings.py.j2
@ -0,0 +1,20 @@
+{%- if deployment_type == 'prod' %}
+SECRET_KEY = '{{ prod_execdb_secret_key }}'
+SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ prod_execdb_db_user }}:{{ prod_execdb_db_password }}@{{ execdb_db_host }}:{{ execdb_db_port }}/{{ execdb_db_name }}'
+{% endif %}
+{%- if deployment_type == 'stg' %}
+SECRET_KEY = '{{ stg_execdb_secret_key }}'
+SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ stg_execdb_db_user }}:{{ stg_execdb_db_password }}@{{ execdb_db_host }}:{{ execdb_db_port }}/{{ execdb_db_name }}'
+{% endif %}
+{%- if deployment_type == 'dev' %}
+SECRET_KEY = '{{ dev_execdb_secret_key }}'
+SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ dev_execdb_db_user }}:{{ dev_execdb_db_password }}@{{ execdb_db_host }}:{{ execdb_db_port }}/{{ execdb_db_name }}'
+{% endif %}
+{%- if deployment_type == 'local' %}
+SECRET_KEY = '{{ local_execdb_secret_key }}'
+SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://{{ local_execdb_db_user }}:{{ local_execdb_db_password }}@127.0.0.1:{{ execdb_db_port }}/{{ execdb_db_name }}'
+{% endif %}
+FILE_LOGGING = False
+LOGFILR = '/var/log/execdb/execdb.log'
+SYSLOG_LOGGING = False
+STREAM_LOGGING = True