main.yml 2.27 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
---
# samba/nfs-api/tasks/main.yml

- name: ensure the deploy key is available
  copy:
    src: "{{ nfs_api_deploy_key }}"
    dest: /root/.ssh/nfsapi
    owner: root
    group: root
    mode: 0600
  tags:
    - user-scripts
    - nfsapi
    - webservices

# https://github.com/ansible/ansible/issues/27699
- name: ensure fucking git module is able to clone
  command: mount -o remount,exec /tmp
  tags:
    - userscripts
    - nfsapi
    - webservices

- name: ensure we have the program
  git:
    repo: git@git.fsmpi.rwth-aachen.de:infra/user-scripts.git
    dest: "{{ nfs_api_web_root }}/program"
    accept_hostkey: True # TODO remove this
    key_file: /root/.ssh/nfsapi
  notify:
    - restart uwsgi for nfsapi
  tags:
    - userscripts
    - nfsapi
    - webservices

- name: ensure fucking git module is not able to clone anymore
  command: mount -o remount,noexec /tmp
  tags:
    - userscripts
    - nfsapi
    - webservices

- name: ensure we have a virtualenv
  pip:
    requirements: "{{ nfs_api_web_root }}/program/requirements-nfs.txt"
    virtualenv: "{{ nfs_api_web_root }}/program/venv"
    virtualenv_python: python3
  notify:
    - restart uwsgi for nfsapi
  tags:
    - userscripts
    - nfsapi
    - webservices

- name: ensure we have our config
  template:
    src: config.py
    dest: "{{nfs_api_web_root}}/program/config.py"
    owner: root
    group: nfsapi
    mode: 0640
  notify:
    - restart uwsgi for nfsapi
  tags:
    - userscripts
    - nfsapi
    - webservices

- name: ensure nfsapi can create homedirs
  template:
    src: sudoers
    dest: /etc/sudoers.d/nfsapi
    owner: root
    group: root
    mode: 0440
  tags:
    - sudo
    - usercripts
    - nfsapi
    - webservices

- name: check the sudo config
  command: visudo -q -c -f /etc/sudoers
  changed_when: no
  tags:
    - sudo
    - userscripts
    - nfsapi
    - webservices

- name: ensure we have a unit file
  copy:
    src: nfsapi.service
    dest: /etc/systemd/system/nfsapi.service
    owner: root
    group: root
    mode: 0644
  notify:
    - reload systemd service files
    - restart uwsgi for nfsapi
  tags:
    - userscripts
    - nfsapi
    - webservices

- meta: flush_handlers

- name: ensure the service is enabled
  systemd: name=nfsapi enabled=yes
  tags:
   - userscripts
   - nfsapi
   - webservices