add libravatar playbooks

clime 2018-10-06 23:23:05 +02:00
parent 592fffe808
commit 927b108466
11 changed files with 244 additions and 0 deletions


@ -57,6 +57,8 @@ java-deptools.fedorainfracloud.org
simple-koji-ci-dev.fedorainfracloud.org
simple-koji-ci-prod.fedorainfracloud.org
lists-dev.fedorainfracloud.org
libravatar.fedorainfracloud.org
libravatar-stg.fedorainfracloud.org
magazine2.fedorainfracloud.org
ppc64le-test.fedorainfracloud.org
ppc64-test.fedorainfracloud.org


@ -0,0 +1,19 @@
---
instance_type: m1.medium
image: "{{ fedora28_x86_64 }}"
keypair: fedora-admin-20130801
security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,all-icmp-persistent
zone: nova
hostbase: libravatar-stg-
public_ip: 209.132.184.139
root_auth_users: clime
description: libravatar staging server
tcp_ports: ['22', '80', '443']
# volumes: libravatar-data
volumes: [ {volume_id: 'a000b415-7720-417f-ae07-67c42c22c604', device: '/dev/vdb'} ]
inventory_tenant: persistent
# name of machine in OpenStack
inventory_instance_name: libravatar-stg
cloud_networks:
# persistent-net
- net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
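Review bot: The `security_group` value attaches `ssh-anywhere-persistent` and `tcp_ports` lists `'22'`, which, going by the group name, leaves SSH reachable from any source address; the production host_vars file that follows does the same. If the tenant has a security group limited to the admin or bastion ranges, use it here in place of the anywhere group, and keep 80/443 as the only world-open ports. If SSH must stay open, a short comment such as `# ssh open to the world: key-only auth, root limited to root_auth_users` above `security_group` would record that this is deliberate.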


@ -0,0 +1,19 @@
---
instance_type: ms1.large
image: "{{ fedora28_x86_64 }}"
keypair: fedora-admin-20130801
security_group: web-80-anywhere-persistent,web-443-anywhere-persistent,ssh-anywhere-persistent,default,all-icmp-persistent
zone: nova
hostbase: libravatar-
public_ip: 209.132.184.138
root_auth_users: clime
description: libravatar production server
tcp_ports: ['22', '80', '443']
# volumes: libravatar-data
volumes: [ {volume_id: '50141ea0-9d3f-41bd-a78a-f902bb6a99c2', device: '/dev/vdb'} ]
inventory_tenant: persistent
# name of machine in OpenStack
inventory_instance_name: libravatar
cloud_networks:
# persistent-net
- net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"


@ -781,6 +781,7 @@ kerneltest01.stg.phx2.fedoraproject.org
koji01.stg.phx2.fedoraproject.org
koschei-backend01.stg.phx2.fedoraproject.org
koschei-web01.stg.phx2.fedoraproject.org
libravatar-stg.fedorainfracloud.org
loopabull01.stg.phx2.fedoraproject.org
mailman01.stg.phx2.fedoraproject.org
mbs-backend01.stg.phx2.fedoraproject.org
@ -1198,6 +1199,8 @@ telegram-irc.fedorainfracloud.org
# Happiness packets
happinesspackets.fedorainfracloud.org
happinesspackets-stg.fedorainfracloud.org
libravatar.fedorainfracloud.org
libravatar-stg.fedorainfracloud.org
#
# These are in the new cloud
@ -1314,6 +1317,12 @@ copr-back-dev
copr-keygen-dev
copr-dist-git-dev
[libravatar]
libravatar.fedorainfracloud.org
[libravatar-stg]
libravatar-stg.fedorainfracloud.org
[pagure]
pagure01.fedoraproject.org


@ -0,0 +1,37 @@
- name: check/create instance
hosts: libravatar-stg:libravatar
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/fedora-cloud.yml
- /srv/private/ansible/files/openstack/passwords.yml
tasks:
- import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
- name: cloud basic setup
hosts: libravatar-stg:libravatar
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
tasks:
- import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
- name: provision instance
hosts: libravatar-stg:libravatar
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
- base
- libravatar
- { role: letsencrypt, site_name: {{ inventory_hostname }} }
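Review bot: The last role entry, `- { role: letsencrypt, site_name: {{ inventory_hostname }} }`, leaves the Jinja expression unquoted inside a flow mapping, so the YAML parser reads `{{ … }}` as a nested mapping rather than a template string and the play will either fail to load or pass the wrong value to the role. Quote it: `- { role: letsencrypt, site_name: "{{ inventory_hostname }}" }`. The unquoted `{{ ansible_distribution }}` in the third `vars_files` entry parses only because the scalar starts with `/`; quoting that entry as well would keep the file consistent.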


@ -0,0 +1 @@
# empty


@ -0,0 +1,9 @@
local libravatar libravatar md5
host libravatar libravatar 127.0.0.1/8 md5
host libravatar libravatar ::1/128 md5
local libravatar postgres ident
# TYPE DATABASE USER ADDRESS METHOD
local all all peer
host all all 127.0.0.1/32 ident
host all all ::1/128 ident
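Review bot: The three `libravatar` rules authenticate with `md5`, which relies on MD5-based password hashes; if the PostgreSQL version on these hosts supports it, `scram-sha-256` (with `password_encryption` set to match before the role's password is created) is the stronger method. The two catch-all `host all all … ident` rules need an ident daemon on the loopback, and none is installed by the tasks visible in this commit, so they presumably never succeed; confirm that is intended or give them an explicit method. The `# TYPE DATABASE USER ADDRESS METHOD` header sits below the first four rules; since pg_hba matching is first-match, moving it to the top would make the ordering easier to audit. No task visible in this commit copies this file into place.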


@ -0,0 +1 @@
- import_tasks: "{{ handlers_path }}/restart_services.yml"


@ -0,0 +1,89 @@
---
- import_tasks: "mount_fs.yml"
- name: install prerequisities
package: state=present pkg={{ item }}
with_items:
- "postgresql-server"
- "postgresql-contrib"
- "python3-psycopg2"
- "libselinux-python"
- "libsemanage-python"
- "python3-virtualenv"
- "community-mysql-devel"
- "openldap-devel"
- "python3-pip"
- "gcc"
- "git"
- "httpd"
- "python3-mod_wsgi"
- group: name=www
- user: name=www group=www
- git:
repo: https://git.linux-kernel.at/oliver/ivatar.git
dest: /srv/libravatar
ignore_errors: yes
- pip:
requirements: requirements.txt
virtualenv: /srv/data/.virtualenv
virtualenv_command: virtualenv-3
chdir: /srv/libravatar
- name: copy run-in-venv.sh script
copy: src="/srv/data/run-in-venv.sh" dest="/usr/local/bin/run-in-venv.sh" mode=755
- name: 'postgresql host is localhost'
lineinfile:
dest: '/etc/hosts'
line: '127.0.0.1 postgresql'
state: 'present'
tags:
- config
- name: ensure postgresql state
service: state=started enabled=yes name={{ item }}
with_items:
- postgresql
- name: upgrade db to head
command: "run-in-venv.sh python3 manage.py migrate"
args:
chdir: /srv/libravatar
- name: collect static
command: "run-in-venv.sh python3 manage.py collectstatic --noinput"
args:
chdir: /srv/libravatar
# https://bugzilla.redhat.com/show_bug.cgi?id=1535689
- name: Allow execmem for Apache
seboolean:
name: httpd_execmem
state: yes
persistent: yes
- name: copy apache files to conf.d (templates)
template: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
with_items:
- "libravatar.conf"
notify:
- reload httpd
tags:
- config
- name: copy httpd config
copy: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
with_items:
- welcome.conf
notify:
- reload httpd
tags:
- config
- name: ensure httpd state
service: state=started enabled=yes name={{ item }}
with_items:
- httpd
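Review bot: The `git` task checks out whatever the default branch of the ivatar repository holds at run time and sets `ignore_errors: yes`, so a failed or partial clone goes unnoticed and the later `pip` and `manage.py migrate` tasks run against whatever happens to be in /srv/libravatar. Because that code is then installed and executed on the host, pin the checkout with `version: <reviewed-commit-or-tag>` (placeholder) and drop `ignore_errors`. The `httpd_execmem` boolean relaxes an SELinux memory protection for all of httpd with only a Bugzilla link as justification; a one-line comment naming which module needs it would help later review. On the run-in-venv.sh copy, `mode=755` is better written `mode=0755`.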


@ -0,0 +1,5 @@
- name: mount up disk
mount: name=/srv/data src='LABEL=libravatar-data' fstype=ext4 state=mounted
- name: mount up bind mount for postgresql
mount: src=/srv/data/pgsql name=/var/lib/pgsql fstype=auto opts=bind state=mounted
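Review bot: The bind mount takes `/srv/data/pgsql` as its source, but no task visible in this commit creates that directory, so on a freshly formatted `libravatar-data` volume the second `mount` task would likely fail. A task such as `file: path=/srv/data/pgsql state=directory` between the two mounts would cover a first run. Since the bind-mounted directory becomes the PostgreSQL data location, its ownership and SELinux context are worth checking on a provisioned host.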


@ -0,0 +1,53 @@
WSGISocketPrefix /var/run/wsgi
Alias /robots.txt /var/www/html/robots.txt
<VirtualHost *:80>
ServerName {{ inventory_hostname }}
WSGIPassAuthorization On
WSGIDaemonProcess libravatar user=www group=www threads=25 display-name=libravatar maximum-requests=8000 graceful-timeout=20 python-home=/srv/data/.virtualenv python-path=/srv/libravatar
WSGIScriptAlias / /srv/data/wsgi.py
Alias /robots.txt /srv/libravatar/static/robots.txt
Alias /favicon.ico /srv/libravatar/static/favicon.ico
Alias /media/ /srv/libravatar/media/
Alias /static/ /srv/libravatar/static/
<Directory /srv/libravatar/static>
Require all granted
</Directory>
<Directory /srv/libravatar/media>
Require all granted
</Directory>
<Location />
WSGIProcessGroup libravatar
Require all granted
</Location>
<Directory /srv/libravatar>
WSGIApplicationGroup %{GLOBAL}
Require all granted
</Directory>
</VirtualHost>
<IfModule mod_status.c>
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Require all denied
Require host localhost .redhat.com
</Location>
</IfModule>
<IfModule mpm_prefork_module>
StartServers 8
MinSpareServers 8
MaxSpareServers 20
MaxClients 50
MaxRequestsPerChild 10000
</IfModule>
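Review bot: The `/server-status` block authorises with `Require host localhost .redhat.com`, which depends on reverse DNS and admits any client resolving under .redhat.com, while the `Require all denied` beside it is only one alternative in an implicit RequireAny and so restricts nothing. `Require local` (or `Require ip` with the monitoring addresses) would be tighter. It is also worth confirming on a rendered host that the vhost's `<Location />` with `Require all granted` does not take precedence over this block for /server-status. The vhost listens only on `*:80` although the playbook applies the letsencrypt role and port 443 is opened; unless that role supplies the TLS vhost and redirect, they are missing here. `Alias /robots.txt` is defined twice with different targets, once before the vhost and once inside it.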