From 8d1523a53100d5cbbda80f3447cfed3592a18b71 Mon Sep 17 00:00:00 2001
From: Hinrikus Wolf <hinrikus@fsmpi.rwth-aachen.de>
Date: Wed, 27 Jun 2018 22:11:23 +0200
Subject: [PATCH] make role work again
---
 .../files/{uwsgi.service => uwsgi@.service} | 0
 .../files/{uwsgi.socket => uwsgi@.socket} | 0
 uwsgi-python/handlers/main.yml | 2 +-
 uwsgi-python/tasks/app.yml | 426 +++++++++---------
 uwsgi-python/tasks/main.yml | 17 +-
 uwsgi-python/templates/secret_config.py.j2 | 1 +
 uwsgi-python/templates/tmpfiles.conf.j2 | 2 +-
 uwsgi-python/vars/shorturl.yml | 2 +-
 8 files changed, 232 insertions(+), 218 deletions(-)
 rename uwsgi-python/files/{uwsgi.service => uwsgi@.service} (100%)
 rename uwsgi-python/files/{uwsgi.socket => uwsgi@.socket} (100%)
 create mode 100644 uwsgi-python/templates/secret_config.py.j2
diff --git a/uwsgi-python/files/uwsgi.service b/uwsgi-python/files/uwsgi@.service
similarity index 100%
rename from uwsgi-python/files/uwsgi.service
rename to uwsgi-python/files/uwsgi@.service
diff --git a/uwsgi-python/files/uwsgi.socket b/uwsgi-python/files/uwsgi@.socket
similarity index 100%
rename from uwsgi-python/files/uwsgi.socket
rename to uwsgi-python/files/uwsgi@.socket
diff --git a/uwsgi-python/handlers/main.yml b/uwsgi-python/handlers/main.yml
index 62fb212..f4cc4a0 100644
--- a/uwsgi-python/handlers/main.yml
+++ b/uwsgi-python/handlers/main.yml
@@ -8,5 +8,5 @@
 command: systemctl daemon-reload
 - name: restart uwsgi instance
- service: name="uwsgi@{{ name }}" state=restarted
+ service: name="uwsgi@{{ app.instance }}" state=restarted
diff --git a/uwsgi-python/tasks/app.yml b/uwsgi-python/tasks/app.yml
index 8e8dfe4..175344a 100644
--- a/uwsgi-python/tasks/app.yml
+++ b/uwsgi-python/tasks/app.yml
@@ -1,4 +1,4 @@
 ---
+---
 # #- debug:
@@ -6,7 +6,7 @@ # #
-- import_vars: "{{ item }}"
+- include_vars: "{{ item }}"
 with_items:
 - "../vars/{{ app.app }}.yml"
 - "{{ inventory_dir }}/vars/{{ app.app_vars }}"
@@ -14,214 +14,214 @@
 - uwsgi-app
 - "{{ app.app }}"
 - "{{ app.instance }}"
-#
-#- name: ensure #we have python 2
-# apt:
-# name: "{{ i#tem }}"
-# state: inst#alled
-# with_items:
-# - python
-# - python-de#v
-# - python-vi#rtualenv
-# - uwsgi-plu#gin-python
-# - virtualen#v
-# when: uwsgi_p#ython == 2
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- name: ensure #we have python 3
-# apt:
-# name: "{{ i#tem }}"
-# state: inst#alled
-# with_items:
-# - python3
-# - python3-d#ev
-# - python3-v#irtualenv
-# - uwsgi-plu#gin-python3
-# - virtualen#v
-# when: uwsgi_p#ython == 3
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- include: sqli#te.yml
-# when: app.db #== "sqlite"
-#
-#- include: mysq#l.yml
-# when: app.db #== "mysql"
-#
-#- include: post#gres.yml
-# when: app.db #== "postgres"
-#
-#- name: ensure #we have a group
-# group:
-# name: "{{ a#pp.group }}"
-# system: yes#
-# state: pres#ent
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- name: ensure #we have a user
-# user:
-# name: "{{ a#pp.user }}"
-# group: "{{ #app.group }}"
-# system: yes#
-# home: "{{ a#pp.home }}"
-# shell: /usr#/bin/nologin
-# createhome:# no
-# state: pres#ent
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- name: ensure #a temporary directory exists
-# template:
-# src: tmpfil#es.conf.j2
-# dest: "/etc#/tmpfiles.d/10-{{ app.name }}.conf"
-# owner: root#
-# group: root#
-# mode: 0644
-# notify:
-# - create tm#pfiles
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- name: ensure #we have our uwsgi config file
-# template:
-# src: uwsgi.#ini.j2
-# dest: "/etc#/uwsgi/apps/{{ app.instance }}.ini"
-# owner: root#
-# group: root#
-# mode: 0644
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- name: ensure #additional software is installed
-# apt: name="{{# item }}" state=present
-# with_items: "#{{ 
app.additional_software }}"
-# when:
-# - app.addit#ional_software is defined
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- name: ensure #the deploy key is available
-# copy:
-# src: "{{ ap#p.deploy_key }}"
-# dest: "/roo#t/.ssh/{{ app.app }}"
-# owner: root#
-# group: root#
-# mode: 0600
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-## https://githu#b.com/ansible/ansible/issues/27699
-#- name: ensure #git module is able to clone
-# command: moun#t -o remount,exec /tmp
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- name: ensure #we have the program
-# git:
-# repo: "{{ a#pp.git_url }}"
-# dest: "{{ a#pp.path }}"
-# key_file: "#/root/.ssh/{{ app.app }}"
-# version: "{#{ app.git_version }}"
-# notify:
-# - restart u#wsgi instance
-# register: git#
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- name: ensure #git module is not able to clone anymore
-# command: moun#t -o remount,noexec /tmp
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- name: ensure #we have a virtualenv
-# pip:
-# requirement#s: "{{ app.path }}/requirements.txt"
-# virtualenv:# "{{ app.venv }}"
-# virtualenv_#python: "{{ app.python_version }}"
-# notify:
-# - restart u#wsgi instance
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- name: ensure #we have our config
-# template:
-# src: "apps/#{{ app.app }}.j2"
-# dest: "{{ a#pp.path }}/{{ app.config_file }}"
-# owner: "{{ #app.user }}"
-# group: "{{ #app.group }}"
-# mode: 0640
-# notify:
-# - restart u#wsgi instance
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- name: ensure #we have our secret config
-# template:
-# src: secret#_config.py.j2
-# dest: "{{ a#pp.path }}/secret_config.py"
-# owner: "{{ #app.user }}"
-# group: "{{ #app.group }}"
-# mode: 0600
-# force: no
-# notify:
-# - restart u#wsgi instance
-# tags:
-# - 
uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-# when:
-# - secret_co#nfig is defined
-# - secret_co#nfig == True
-#
-#
-#- include_tasks#: "{{ item }}"
-# with_first_fo#und:
-# - files:
-# - "apps#/{{ app.app }}.yml"
-# skip: tru#e
-# tags:
-# - uwsgi-app#
-# - "{{ app.a#pp }}"
-# - "{{ app.i#nstance }}"
-#
-#- meta: flush_h#andlers
-#
-#- name: ensure the service is enabled
-# service:
-# name: "uwsgi@{{ app.instance }}"
-# enabled: yes
-# state: started
-# tags:
-# - uwsgi-app
-# - "{{ app.app }}"
-# - "{{ app.instance }}"
-#
-#
+
+- name: ensure we have python 2
+ apt:
+ name: "{{ item }}"
+ state: installed
+ with_items:
+ - python
+ - python-dev
+ - python-virtualenv
+ - uwsgi-plugin-python
+ - virtualenv
+ when: uwsgi_python == 2
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- name: ensure we have python 3
+ apt:
+ name: "{{ item }}"
+ state: installed
+ with_items:
+ - python3
+ - python3-dev
+ - python3-virtualenv
+ - uwsgi-plugin-python3
+ - virtualenv
+ when: uwsgi_python == 3
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- include: sqlite.yml
+ when: app.db == "sqlite"
+
+- include: mysql.yml
+ when: app.db == "mysql"
+
+- include: postgres.yml
+ when: app.db == "postgres"
+
+- name: ensure we have a group
+ group:
+ name: "{{ app_group }}"
+ system: yes
+ state: present
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- name: ensure we have a user
+ user:
+ name: "{{ app_user }}"
+ group: "{{ app_group }}"
+ system: yes
+ home: "{{ app_home }}"
+ shell: /usr/bin/nologin
+ createhome: no
+ state: present
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- name: ensure a temporary directory exists
+ template:
+ src: tmpfiles.conf.j2
+ dest: "/etc/tmpfiles.d/10-{{ app.instance }}.conf"
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - create tmpfiles
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- name: ensure we have our 
uwsgi config file
+ template:
+ src: uwsgi.ini.j2
+ dest: "/etc/uwsgi/apps/{{ app.instance }}.ini"
+ owner: root
+ group: root
+ mode: 0644
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- name: ensure additional software is installed
+ apt: name="{{ item }}" state=present
+ with_items: "{{ app_additional_software }}"
+ when:
+ - app_additional_software is defined
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- name: ensure the deploy key is available
+ copy:
+ src: "{{ app_deploy_key }}"
+ dest: "/root/.ssh/{{ app.app }}"
+ owner: root
+ group: root
+ mode: 0600
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+# https://github.com/ansible/ansible/issues/27699
+- name: ensure git module is able to clone
+ command: mount -o remount,exec /tmp
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- name: ensure we have the program
+ git:
+ repo: "{{ app_git_url }}"
+ dest: "{{ app_path }}"
+ key_file: "/root/.ssh/{{ app.app }}"
+ version: "{{ app_git_version }}"
+ notify:
+ - restart uwsgi instance
+ register: git
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- name: ensure git module is not able to clone anymore
+ command: mount -o remount,noexec /tmp
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- name: ensure we have a virtualenv
+ pip:
+ requirements: "{{ app_path }}/requirements.txt"
+ virtualenv: "{{ app_venv }}"
+ virtualenv_python: "{{ app_python_version }}"
+ notify:
+ - restart uwsgi instance
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- name: ensure we have our config
+ template:
+ src: "apps/{{ app.app }}.j2"
+ dest: "{{ app_path }}/{{ app_config_file }}"
+ owner: "{{ app_user }}"
+ group: "{{ app_group }}"
+ mode: 0640
+ notify:
+ - restart uwsgi instance
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- name: ensure we have our secret config
+ template:
+ src: 
secret_config.py.j2
+ dest: "{{ app_path }}/secret_config.py"
+ owner: "{{ app_user }}"
+ group: "{{ app_group }}"
+ mode: 0600
+ force: no
+ notify:
+ - restart uwsgi instance
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+ when:
+ - app_secret_config is defined
+ - app_secret_config == True
+
+
+- include_tasks: "{{ item }}"
+ with_first_found:
+ - files:
+ - "apps/{{ app.app }}.yml"
+ skip: true
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+- meta: flush_handlers
+
+- name: ensure the service is enabled
+ service:
+ name: "uwsgi@{{ app.instance }}"
+ enabled: yes
+ state: started
+ tags:
+ - uwsgi-app
+ - "{{ app.app }}"
+ - "{{ app.instance }}"
+
+
diff --git a/uwsgi-python/tasks/main.yml b/uwsgi-python/tasks/main.yml
index cfed4f1..2f1a91c 100644
--- a/uwsgi-python/tasks/main.yml
+++ b/uwsgi-python/tasks/main.yml
@@ -25,11 +25,24 @@
 - name: ensure we have archlinux's systemd-service file
 copy:
- src: uwsgi.service
- dest: /etc/systemd/system/uwsgi.service
+ src: uwsgi@.service
+ dest: /etc/systemd/system/uwsgi@.service
 owner: root
 group: root
 mode: 0644
+ notify:
+ - reload systemd service files
+ tags:
+ - uwsgi
+ - webservices
+
+- name: ensure the uwsgi app folder is present
+ file:
+ path: /etc/uwsgi/apps/
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
 tags:
 - uwsgi
 - webservices
diff --git a/uwsgi-python/templates/secret_config.py.j2 b/uwsgi-python/templates/secret_config.py.j2
new file mode 100644
index 0000000..4fe5c96
--- /dev/null
+++ b/uwsgi-python/templates/secret_config.py.j2
@@ -0,0 +1 @@
+secret_key = '{{ (2**2048)|random }}'
diff --git a/uwsgi-python/templates/tmpfiles.conf.j2 b/uwsgi-python/templates/tmpfiles.conf.j2
index 56b850c..378ee5b 100644
--- a/uwsgi-python/templates/tmpfiles.conf.j2
+++ b/uwsgi-python/templates/tmpfiles.conf.j2
@@ -1 +1 @@
-d /run/uwsgi/{{uwsgi_name}} 0775 {{uwsgi_user}} {{uwsgi_group}} - -
+d /run/uwsgi/{{app.instance}} 0775 {{app_user}} {{app_group}} - - 
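Review bot: The `remount,exec` / `remount,noexec` pair in `ensure git module is able to clone` and `ensure git module is not able to clone anymore` is not failure-safe: they are plain sibling tasks, so if `ensure we have the program` fails the play stops with `/tmp` still mounted exec, and the hardening the second task is meant to restore is silently lost until the next successful run. Wrapping the checkout in a `block:` with the `noexec` remount under `always:` keeps the remount on every exit path; both `command` tasks should also carry `changed_when: false`, since a remount reports a change on every run. Separately, `with_items: "{{ app_additional_software }}"` is evaluated before its `when: app_additional_software is defined` guard, so an undefined variable fails the task instead of skipping it; `with_items: "{{ app_additional_software | default([]) }}"` makes the guard effective. The bare octal modes (`mode: 0644`, `0640`, `0600`) and the `yes`/`no` toggles in this hunk rely on YAML 1.1 implicit typing, where Ansible documents `mode: '0644'` and `true`/`false`, and `state: installed` in the two apt tasks differs from the `state=present` used for the additional-software task further down, `present` being the documented canonical value.
```yaml
# … unchanged: package, db, group, user, tmpfiles, uwsgi-config and deploy-key tasks …

# https://github.com/ansible/ansible/issues/27699
- block:
    - name: ensure git module is able to clone
      command: mount -o remount,exec /tmp
      changed_when: false

    - name: ensure we have the program
      git:
        repo: "{{ app_git_url }}"
        dest: "{{ app_path }}"
        key_file: "/root/.ssh/{{ app.app }}"
        version: "{{ app_git_version }}"
      notify:
        - restart uwsgi instance
      register: git
  always:
    # runs even when the checkout fails, so /tmp never stays exec-mounted
    - name: ensure git module is not able to clone anymore
      command: mount -o remount,noexec /tmp
      changed_when: false
  tags:
    - uwsgi-app
    - "{{ app.app }}"
    - "{{ app.instance }}"

# … unchanged: virtualenv, config, secret config, include_tasks and service tasks …
```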
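Review bot: `ensure we have archlinux's systemd-service file` now installs `uwsgi@.service`, but nothing in this hunk installs the companion `uwsgi@.socket` that the same commit renames; if main.yml copies the socket unit by its old name outside the hunk, that task now points at a file that no longer exists, and if no such task exists the socket side of the template unit is never deployed. The new `ensure the uwsgi app folder is present` task is fine as far as it goes, but both tasks write bare octal modes; `mode: '0644'` and `mode: '0755'` are the forms Ansible documents, since an unquoted `0755` is only an octal literal under YAML 1.1 parsers.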
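Review bot: `secret_key = '{{ (2**2048)|random }}'` pins the secret's quality to Ansible's `random` filter; with no `seed` argument that filter appears to draw from `SystemRandom` (confirm for the Ansible version in use), in which case the value is a ~2048-bit integer rendered as a decimal string and is more than adequate. The exposure path matters more than the strength: the task rendering this template in app.yml (`ensure we have our secret config`) has no `no_log: true`, so on the first run a `--diff` invocation prints the freshly generated key in the play output and in any log shipped from it; `no_log: true` on that task closes this. Since that task uses `force: no`, the key is generated once and never rotated by the role; a template comment such as `{# rendered once: the task uses force: no, so this value persists until the file is removed #}` documents that for the next reader.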
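Review bot: The new line creates `/run/uwsgi/{{app.instance}}` with mode `0775`, i.e. group-writable for `{{app_group}}`; a directory that only holds the uwsgi socket needs search access for the web server's group, not write, so `0755` is the safer default unless another member of `app_group` has to create entries there — worth checking against the socket path in `uwsgi.ini.j2`, which is outside this diff. The Jinja references also drop the inner spaces used everywhere else in the role (`{{ app.instance }}`, `{{ app_user }}`, `{{ app_group }}`); matching that spacing keeps the role greppable.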
diff --git a/uwsgi-python/vars/shorturl.yml b/uwsgi-python/vars/shorturl.yml
index 13e4ce9..eee6f77 100644
--- a/uwsgi-python/vars/shorturl.yml
+++ b/uwsgi-python/vars/shorturl.yml
@@ -27,7 +27,7 @@ shorturl_ad_host: 'ad.example.com'
 shorturl_ad_domain: 'EXAMPLE'
 shorturl_ad_user_dn: "cn=users,dc=example,dc=com"
 shorturl_ad_group_dn: "cn=users,dc=example,dc=com"
-shorturl_ad_cacert: "/etc/ssl/certs/example_cacert.pem"
+shorturl_ad_cert: "/etc/ssl/certs/example_cacert.pem"
 shorturl_target_regex: '^https://([a-zA-Z0-9-]+\.)*example\.com(/(.*))?$'
 shorturl_branding_name: 'Example'
-- 
GitLab