Merge pull request #5 from TheBirdie/master

Add provisioning for devback

.gitmodules

@@ -1,6 +1,9 @@
 [submodule "ansible/roles/nginx"]
 	path = ansible/roles/nginx
-	url = https://github.com/jdauphant/ansible-role-nginx.git
+	url = https://github.com/ProjetSigma/ansible-role-nginx.git
 [submodule "ansible/roles/nodejs"]
 	path = ansible/roles/nodejs
 	url = https://github.com/AnsibleShipyard/ansible-nodejs.git
+[submodule "ansible/roles/memcached"]
+	path = ansible/roles/memcached
+	url = https://github.com/geerlingguy/ansible-role-memcached.git

ansible/roles/base/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+
+- name: Ensure bash, OpenSSl, and libssl are the latest versions
+  apt: name={{ item }} update_cache={{ update_apt_cache }} state=latest
+  with_items:
+    - bash
+    - openssl
+    - libssl-dev
+    - libssl-doc
+  tags: packages
+
+- name: Install base packages
+  apt: name={{ item }} update_cache={{ update_apt_cache }} force=yes state=installed
+  with_items:
+    - build-essential
+    - ntp
+    - htop
+    - git
+    - libpq-dev
+    - python-dev
+    - python-pip
+    - python-pycurl
+    - supervisor
+  tags: packages
+
+- name: Install virtualenv
+  pip: name=virtualenv
+  tags: packages

ansible/roles/mysql_server_setup/defaults/main.yml

@@ -0,0 +1,57 @@
+
+# ---- MySQL server configuration ----
+
+# Bind address of mysqld. If you want to allow access to the server over the
+# network, change this to '0.0.0.0' (for all interfaces) or for specific IP
+# address to bind on
+mysql_mysqld_bind_address: 'localhost'
+
+# Default mysqld port to listen on
+mysql_mysqld_port: 3306
+
+# This is a list of IP addresses or CIDR networks allowed to connect to MySQL
+# server from remote hosts. It will be applied in firewall (ferm) and
+# /etc/hosts.allow (tcpwrappers).
+# You will need to set mysql_mysqld_bind_address to 0.0.0.0 and restart MySQL
+# server for it to listen on all network interfaces.
+mysql_mysqld_allow: []
+
+# Maximum number of allowed connections
+mysql_mysqld_max_connections: 100
+
+# Use this hash variable to set additional mysqld options
+mysql_mysqld_options: {}
+#  'key_buffer': '16M'
+#  'skip-name-resolve':
+
+# List of additional system groups to append to the MySQL system user
+# 'ssl-cert' group is required for access to certificate private keys
+mysql_mysqld_append_groups: [ 'ssl-cert' ]
+
+# ---- MySQL client configuration ----
+
+# Make client prompt more verbose
+mysql_client_prompt: '\\U\ [\\d]>\_'
+
+# ---- MySQL databases and user accounts ----
+
+# List of MySQL databases to manage
+mysql_databases: []
+  #- name: 'database_name'
+  #  state: 'present,absent'        # optional
+
+# Length of randomly generated passwords (it's a string)
+mysql_password_length: '20'
+
+# Password for MySQL root user
+mysql_root_password: "{{ lookup('password', '.credentials/' + ansible_fqdn + '/mysql/root/password chars=ascii_letters,digits,hexdigits length=' + mysql_password_length) }}"
+
+# List of MySQL users to manage (defaults first)
+mysql_users: []
+  #- name: 'user_name'              # required
+  #  host: 'localhost'
+  #  state: 'present,absent'
+  #  password: ''                   # if not specified, random will be generated
+  #                                 # and saved in the 'secret' storage
+  #  priv: 'user_name.*:ALL'
+  #  append_privs: 'no,yes'

ansible/roles/mysql_server_setup/meta/main.yml

@@ -0,0 +1,5 @@
+mysql_server_setup:
+  description: 'Install and manage a MySQL server'
+  platforms:
+  - name: Ubuntu
+  - name: Debian

ansible/roles/mysql_server_setup/tasks/main.yml

@@ -62,8 +62,6 @@
     name: root
     host: '{{ item }}'
     password: "{{ mysql_root_password }}"
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
     check_implicit_admin: yes
     priv: "*.*:ALL,GRANT"
   with_items: [ '{{ ansible_hostname }}', '127.0.0.1', '::1', 'localhost' ]
@@ -82,44 +80,36 @@
   mysql_user:
     user: ""
     host: '{{ item }}'
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
     state: 'absent'
   with_items: [ '{{ ansible_hostname }}', 'localhost' ]
 
 - name: Remove test database
   mysql_db:
     db: 'test'
     state: 'absent'
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
 
 # ---- Manage MySQL databases and users ----
 
 - name: Manage MySQL databases
   mysql_db:
     name: '{{ item.name }}'
     state: '{{ item.state | default("present") }}'
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
   with_items: mysql_databases
   when: item.name is defined and item.name
 
 - name: Manage MySQL users
   mysql_user:
     name: '{{ item.name }}'
-    password: '{{ item.password | default(lookup("password", secret + "/credentials/" + ansible_fqdn + "/mysql/" + item.name + "/password chars=ascii_letters,digits,hexdigits length=" + mysql_password_length)) }}'
+    password: '{{ item.password }}'
     state: '{{ item.state | default("present") }}'
     priv: '{{ item.priv | default(item.name + ".*:ALL") }}'
     append_privs: '{{ item.append_privs | default("no") }}'
     host: '{{ item.host | default("localhost") }}'
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
   with_items: mysql_users
   when: (item.name is defined and item.name)
 
 - name: Restart MySQL service (again) after first configuration
   service:
     name: 'mysql'
     state: 'restarted'
-  when: (mysql_installed is defined and not mysql_installed.stat.exists)
+  when: (mysql_installed is defined and not mysql_installed.stat.exists)

ansible/roles/mysql_server_setup/templates/root/my.cnf.j2

@@ -0,0 +1,7 @@
+# This file is managed by Ansible, all changes will be lost
+
+[client]
+user=root
+password={{ mysql_root_password }}
+
+

ansible/roles/sigma_back/README.md

@@ -0,0 +1,3 @@
+# Todo list:
+* Generate static and media folders (mainly for /admin/)
+* Find a way to set db login / password in settings.py (to be done by devback team)

ansible/roles/sigma_back/defaults/main.yml

@@ -0,0 +1,56 @@
+---
+# "_" is the joker symbol for nginx
+sigma_back_server_name: "_"
+sigma_back_http_port:   "80"
+sigma_back_https_port:  "443"
+sigma_back_setup_git:   "true"
+sigma_back_git_repo:    "https://github.com/ProjetSigma/backend.git"
+sigma_back_git_branch:  "master"
+
+# Application settings.
+project_name:           "sigma_back"
+application_module:     "sigma"
+virtualenv_path:        "/var/www/{{ project_name }}"
+project_path:           "{{ virtualenv_path }}/{{ project_name }}"
+application_log_dir:    "{{ virtualenv_path }}/logs"
+application_log_file:   "{{ application_log_dir }}/gunicorn_supervisor.log"
+requirements_file:      "{{ project_path }}/requirements.txt"
+django_settings_module: "{{ application_module }}.settings"
+sigma_db_user:          "sigma_back"
+sigma_db_password:      "FIXME"
+sigma_db_dbname:        "{{ sigma_db_user }}"
+django_secret_key:      "FIXME"
+
+# Gunicorn settings
+gunicorn_user:          "{{ project_name }}"
+gunicorn_group:         webapps
+gunicorn_num_workers:   4
+# The maximum number of requests a worker will process before restarting.
+# 0 to disable
+gunicorn_max_requests:  1000
+
+# Nginx settings
+nginx_http_port:        80
+nginx_https_port:       443
+nginx_access_log_file:  "{{ application_log_dir }}/nginx_access.log"
+nginx_error_log_file:   "{{ application_log_dir }}/nginx_error.log"
+nginx_static_dir:       "{{ virtualenv_path }}/static/"
+nginx_media_dir:        "{{ virtualenv_path }}/media/"
+#ssl_crt:                "local_cert"
+#ssl_dest_dir:           "remote_cert"
+
+update_apt_cache:       "yes"
+
+
+# Django Environment variables
+django_environment:
+  DJANGO_SETTINGS_MODULE:   "{{ django_settings_module }}"
+  SECRET_KEY:               "{{ django_secret_key }}"
+  MEDIA_ROOT:               "{{ nginx_media_dir }}"
+  STATIC_ROOT:              "{{ nginx_static_dir }}"
+  DATABASE_USER:            "{{ sigma_db_user }}"
+  DATABASE_PASSWORD:        "{{ sigma_db_password }}"
+  EMAIL_HOST:               "{{ email_host|default(omit) }}"
+  EMAIL_HOST_USER:          "{{ email_host_user|default(omit) }}"
+  EMAIL_HOST_PASSWORD:      "{{ email_host_password|default(omit) }}"
+  BROKER_URL:               "{{ broker_url|default(omit) }}"

ansible/roles/sigma_back/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: restart application
+  supervisorctl: name={{ project_name }} state=restarted
+
+- name: restart nginx
+  service: name=nginx state=restarted enabled=yes
+
+- name: reload nginx
+  service: name=nginx state=reloaded

ansible/roles/sigma_back/meta/main.yml

@@ -0,0 +1,16 @@
+---
+allow_duplicates: yes
+dependencies:
+  - { role: nginx}
+  - { role: base}
+  - { role: mysql_server_setup,
+        mysql_databases: [{name: "sigma_back", state: "present"}],
+        mysql_users: [{name: "{{ sigma_db_user }}",
+            host:           "localhost",
+            state:          "present",
+            password:       "{{ sigma_db_password }}",
+            priv:           "{{ sigma_db_dbname }}.*:ALL",
+            # Append the privileges defined by priv to the existing ones for this user instead of overwriting existing ones.
+            append_privs:   "no"
+            }]
+    }

ansible/roles/sigma_back/tasks/create_users_and_groups.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Create the application user
+  user: name={{ gunicorn_user }} state=present
+
+- name: Create the application group
+  group: name={{ gunicorn_group }} system=yes state=present
+
+- name: Add the application user to the application group
+  user: name={{ gunicorn_user }} group={{ gunicorn_group }} state=present

ansible/roles/sigma_back/tasks/install_additional_packages.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Install additional packages
+  apt: name={{ item }} update_cache={{ update_apt_cache }} force=yes state=installed
+  with_items:
+    - libav-tools
+    - libmysqlclient-dev
+    - libjpeg-dev
+    - python-imaging
+    - python3-pip
+    - python3-psycopg2

ansible/roles/sigma_back/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+
+- include: install_additional_packages.yml
+  tags: packages
+
+- include: create_users_and_groups.yml
+
+- include: setup_virtualenv.yml
+  tags: virtualenv
+
+- include: setup_git_repo.yml
+  tags: deploy
+
+- include: setup_django_app.yml
+  tags: deploy
+
+- include: setup_supervisor.yml
+  tags: supervisor
+
+- include: set_file_permissions.yml
+  tags: deploy
+
+- include: setup_nginx.yml
+  tags: nginx

ansible/roles/sigma_back/tasks/set_file_permissions.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Ensure that the application file permissions are set properly
+  file: path={{ virtualenv_path }}
+        recurse=yes
+        owner={{ gunicorn_user }}
+        group={{ gunicorn_group }}
+        state=directory
+  notify: restart application

ansible/roles/sigma_back/tasks/setup_django_app.yml

@@ -0,0 +1,34 @@
+---
+
+- name: Install packages required by the Django app inside virtualenv
+  pip: executable=pip3 virtualenv={{ virtualenv_path }} requirements={{ requirements_file }}
+
+- name: Run the Django syncdb command
+  django_manage:
+    command: syncdb
+    app_path: "{{ project_path }}"
+    virtualenv: "{{ virtualenv_path }}"
+    settings: "{{ django_settings_file }}"
+  environment: django_environment
+  when: run_django_syncdb is defined and run_django_syncdb
+  tags: django.syncdb
+
+- name: Run Django database migrations
+  django_manage:
+    command: migrate
+    app_path: "{{ project_path }}"
+    virtualenv: "{{ virtualenv_path }}"
+    settings: "{{ django_settings_file }}"
+  environment: django_environment
+  when: run_django_db_migrations is defined and run_django_db_migrations
+  tags: django.migrate
+
+- name: Run Django collectstatic
+  django_manage:
+    command: collectstatic
+    app_path: "{{ project_path }}"
+    virtualenv: "{{ virtualenv_path }}"
+    settings: "{{ django_settings_file }}"
+  environment: django_environment
+  when: run_django_collectstatic is defined and run_django_collectstatic
+  tags: django.collectstatic

ansible/roles/sigma_back/tasks/setup_git_repo.yml

@@ -0,0 +1,14 @@
+---
+
+- name: Setup the Git repo
+  git: repo={{ sigma_back_git_repo }}
+       version="{{ sigma_back_git_branch }}"
+       dest={{ project_path }}
+  when: sigma_back_setup_git is defined and sigma_back_setup_git
+  tags: git
+
+- name: Delete all .pyc files
+  command: find . -name '*.pyc' -delete
+  args:
+    chdir: "{{ project_path }}"
+  tags: git