Simple ansible template

2020-11-03 17:26:52 +01:00 · 2020-11-03 17:26:52 +01:00 · 76a15b4681
parent f6acbc4c02
commit 76a15b4681
9 changed files with 220 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,5 @@
-# peach-vps
 # simple-ansible-template
+
+
+# generate deploy key
+`ssh-keygen -t rsa -b 4096 -C "email@email.com"`
--- a/ansible/deploy.yml
+++ b/ansible/deploy.yml
@ -0,0 +1,64 @@
+---
+
+- hosts: webservers
+  user: ubuntu
+  sudo: True
+
+  tasks:
+    - include_vars: vars.yaml
+
+    - name: ensure log directory
+      action: file dest={{log_dir}} state=directory
+
+    - name: deploy code from repository
+      git: repo={{repo_url}} dest={{src_dir}} remote={{repo_remote}} version={{repo_branch}} accept_hostkey=yes
+      notify:
+        - restart nginx
+        - restart webapp
+
+    - name: install python requirements
+      action: pip requirements={{src_dir}}/requirements.txt state=present
+
+    - name: copy hellow_webapp.ini
+      action: template src=templates/hello_webapp.ini dest={{src_dir}}/hello_webapp.ini
+
+    - name: create nginx site config
+      action: template src=templates/nginx_site.conf dest=/etc/nginx/sites-available/{{app_name}}.conf
+      notify:
+        - restart nginx
+
+    - name: link nginx config
+      action: file src=/etc/nginx/sites-available/{{app_name}}.conf dest=/etc/nginx/sites-enabled/{{app_name}}.conf state=link
+
+    - name: create upstart script for webapp
+      action: template src=templates/hello_webapp.conf dest=/etc/init/hello_webapp.conf
+
+    - name: ensure secrets directory
+      action: file dest={{src_dir}}/devops/secret_files state=directory
+
+    - name: Copy secret.json file
+      copy: src=secret_files/secret.json dest={{src_dir}}/devops/secret_files/secret.json
+
+    - name: make src_dir writeable by webgroup
+      action: file path={{src_dir}} mode=u=rwX,g=rwX,o=X recurse=yes group=webgroup
+
+    - name: make log_dir writeable by webgroup
+      action: file path={{log_dir}} mode=u=rwX,g=rwX,o=X recurse=yes group=webgroup
+
+#    - name: crontab to check alerts
+#      cron: name="check alerts" minute="*" job="curl {{prod_url}}/get_all_tix/"
+
+    - name: restart server and webapp
+      command: /bin/true
+      notify:
+        - restart nginx
+        - restart webapp
+
+
+  handlers:
+
+    - name: restart nginx
+      action: service name=nginx state=restarted
+
+    - name: restart webapp
+      action: service name={{app_name}} state=restarted
--- a/ansible/setup.yml
+++ b/ansible/setup.yml
@ -0,0 +1,85 @@
+---
+
+- hosts: webservers
+  user: ubuntu
+  sudo: True
+
+  tasks:
+    - include_vars: vars.yaml
+
+    - name: add nginx ppa
+      action: apt_repository repo=ppa:nginx/stable state=present
+
+    - name: install common packages needed for python application development
+      action: apt pkg=$item state=installed
+      with_items:
+        - libpq-dev
+        - libmysqlclient-dev
+        - libxml2-dev
+        - libjpeg62
+        - libjpeg62-dev
+        - libfreetype6
+        - libfreetype6-dev
+        - zlib1g-dev
+        - mysql-client
+        - python-dev
+        - python-setuptools
+        - python-imaging
+        - python-mysqldb
+        - python-psycopg2
+        - git-core
+        - nginx
+
+    - name: install pip
+      action: easy_install name=pip
+
+    - name: install virtualenv and uwsgi
+      action: pip name={{item.name}} version={{item.version}}
+      with_items:
+        - { name: 'virtualenv', version: '14.0.6' }
+        - { name: 'uwsgi', version: '2.0.12' }
+
+    - name: symlink imaging library files
+      action: file src=/usr/lib/x86_64-linux-gnu/libfreetype.so dest=/usr/lib/libfreetype.so state=link
+
+    - name: symlink imaging library files
+      action: file src=/usr/lib/x86_64-linux-gnu/libz.so dest=/usr/lib/libz.so state=link
+
+    - name: symlink imaging library files
+      action: file src=/usr/lib/x86_64-linux-gnu/libjpeg.so.62 dest=/usr/lib/x86_64-linux-gnu/libjpeg.so state=link
+
+    - name: symlink imaging library files
+      action: file src=/usr/lib/x86_64-linux-gnu/libjpeg.so dest=/usr/lib/libjpeg.so state=link
+
+    - name: remove default nginx site
+      action: file path=/etc/nginx/sites-enabled/default state=absent
+
+    - name: write nginx.conf
+      action: template src=templates/nginx.conf dest=/etc/nginx/nginx.conf
+
+    - name: create webgroup if it doesn't exist
+      group: name=webgroup state=present
+      tags:
+        - debug
+
+    - name: ensure wsgi-user belongs to webgroup
+      user: name=wsgi-user groups=webgroup append=yes
+      tags:
+        - debug
+
+    - name: ensure wsgi-user belongs to webgroup
+      user: name=www-data groups=webgroup append=yes
+      tags:
+        - debug
+
+    - name: ensure ubuntu belongs to webgroup
+      user: name=ubuntu groups=webgroup append=yes
+      tags:
+        - debug
+
+    - name: copy over ssh keys for deploy purposes
+      action: copy src={{item.from}} dest={{item.to}} mode={{item.mode}}
+      with_items:
+        - { from: 'secret_files/deploy_rsa.pub', to: '/root/.ssh/id_rsa.pub', mode: '0644' }
+        - { from: 'secret_files/deploy_rsa', to: '/root/.ssh/id_rsa', mode: '0600' }
+
--- a/ansible/templates/hello_webapp.conf
+++ b/ansible/templates/hello_webapp.conf
@ -0,0 +1,10 @@
+description "uWSGI server instance configured to serve hello_webapp"
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+
+setuid wsgi-user
+setgid webgroup
+
+chdir {{src_dir}}
+exec uwsgi --ini hello_webapp.ini
--- a/ansible/templates/nginx.conf
+++ b/ansible/templates/nginx.conf
@ -0,0 +1,31 @@
+user www-data webgroup;
+worker_processes 1;
+worker_rlimit_nofile 8192;
+
+events {
+  worker_connections  3000;
+}
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+}
--- a/ansible/templates/nginx_site.conf
+++ b/ansible/templates/nginx_site.conf
@ -0,0 +1,10 @@
+server {
+    listen 80;
+    server_name ec2-52-90-110-188.compute-1.amazonaws.com;
+
+    location / {
+        include uwsgi_params;
+        uwsgi_pass unix:{{src_dir}}/{{app_name}}.sock;
+    }
+
+}
--- a/ansible/vars.yaml
+++ b/ansible/vars.yaml
@ -0,0 +1,12 @@
+app_name: hello_webapp
+repo_url: git@github.com:mhfowler/alembic_flask_ansible_ec2_template.git
+repo_remote: origin
+repo_branch: master
+src_dir: /srv/hello_webapp
+log_dir: /srv/log
+aws_key_name: maxhfowler_dec8
+aws_security_group: citigroup_apps
+aws_instance_name: aws_default
+aws_key_location: /Users/maxfowler/Desktop/cs/ec2/dec8/maxhfowler_dec8.pem
+aws_subnet: subnet-1b647733
+prod_url: http://52.91.169.141/
--- a/deploy.sh
+++ b/deploy.sh
@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+ansible-playbook -i ansible/hosts ansible/deploy.yml
--- a/setup.sh
+++ b/setup.sh
@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+ansible-playbook -i ansible/hosts ansible/setup.yml