Posted to commits@airavata.apache.org by ma...@apache.org on 2020/09/18 18:06:05 UTC
[airavata] 02/09: Ansible: enable Django deploy on Ubuntu 18
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit b40a9349746a8c97b734bd2e2199f0b79ed22b5c
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Mar 6 10:55:26 2020 -0500
Ansible: enable Django deploy on Ubuntu 18
---
dev-tools/ansible/django.yml | 2 +-
dev-tools/ansible/roles/django/tasks/main.yml | 7 ++
.../tasks/{main.yml => install_deps_CentOS_7.yml} | 5 +-
.../tasks/install_deps_Ubuntu_18.yml} | 37 ++++-----
.../ansible/roles/django_setup/tasks/main.yml | 87 +---------------------
dev-tools/ansible/roles/env_setup/tasks/main.yml | 13 ++++
.../roles/httpd/tasks/install_deps_Ubuntu_16.yml | 7 --
.../tasks/install_deps_Ubuntu_18.yml} | 39 ++++------
dev-tools/ansible/roles/httpd/tasks/main.yml | 41 ++++++++++
dev-tools/ansible/roles/letsencrypt/tasks/main.yml | 20 +++++
10 files changed, 115 insertions(+), 143 deletions(-)
diff --git a/dev-tools/ansible/django.yml b/dev-tools/ansible/django.yml
index 02c2220..9f9227f 100644
--- a/dev-tools/ansible/django.yml
+++ b/dev-tools/ansible/django.yml
@@ -30,7 +30,7 @@
when: inventory_hostname == groups['django_' + ansible_hostname][0]
# Oracle JDK is needed by Django apps that call Java code (e.g., SimCCS Maptool)
# - role: java
- # when: inventory_hostname == groups['django_' + ansible_hostname][0]
+ # when: inventory_hostname == groups['django_' + ansible_hostname][0] and ansible_os_family == "RedHat"
- role: httpd
when: inventory_hostname == groups['django_' + ansible_hostname][0]
- role: letsencrypt
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 831725a..13d449b 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -270,6 +270,13 @@
- restart httpd
when: vhost_ssl
+- name: Enable site in Apache (Debian)
+ command: a2ensite django-{{ gateway_id }}
+ become: yes
+ notify:
+ - restart httpd
+ when: ansible_os_family == "Debian"
+
- name: copy user's SSH key for the gateway data store
authorized_key:
user: "{{user}}"
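Review bot: The added `command: a2ensite django-{{ gateway_id }}` task has no `creates` or `changed_when`, so it reports changed on every run and fires `restart httpd` each time, restarting Apache on every deploy even when the site is already enabled. Adding `args:` with `creates: "/etc/apache2/sites-enabled/django-{{ gateway_id }}.conf"` would make it idempotent, assuming the vhost is installed under that name in sites-available (not visible in this hunk). The authorized_key task at the end of the hunk continues outside it.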
diff --git a/dev-tools/ansible/roles/django_setup/tasks/main.yml b/dev-tools/ansible/roles/django_setup/tasks/install_deps_CentOS_7.yml
similarity index 97%
copy from dev-tools/ansible/roles/django_setup/tasks/main.yml
copy to dev-tools/ansible/roles/django_setup/tasks/install_deps_CentOS_7.yml
index 408c8be..b3d78ee 100644
--- a/dev-tools/ansible/roles/django_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/django_setup/tasks/install_deps_CentOS_7.yml
@@ -17,9 +17,10 @@
# specific language governing permissions and limitations
# under the License.
#
+
---
-- name: Install Airavata Django Portal prerequisites
+- name: Install Airavata Django Portal prerequisites (CentOS 7)
yum: name={{ item }} state=latest update_cache=yes
with_items:
- python36
@@ -105,5 +106,3 @@
- /tmp/django-httpd.mod
- /tmp/django-httpd.pp
- /tmp/django-httpd.te
-
-...
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Ubuntu_18.yml
similarity index 59%
copy from dev-tools/ansible/roles/letsencrypt/tasks/main.yml
copy to dev-tools/ansible/roles/django_setup/tasks/install_deps_Ubuntu_18.yml
index 0c46e46..37ae751 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Ubuntu_18.yml
@@ -20,28 +20,19 @@
---
-- name: install certbot and dependencies
- yum: name={{ item }} state=installed update_cache=yes
+- name: Install prerequisites
+ apt: name="{{ item }}" state=latest update_cache=yes
with_items:
- - certbot
- - python2-acme
- - python2-certbot-apache
- become_user: root
+ - python3.6
+ - apache2-dev
+ - python3.6-dev
+ - python3-venv
+ # Needed by https://pypi.org/project/mysqlclient/
+ - default-libmysqlclient-dev
+ # mod_wsgi Apache module
+ - libapache2-mod-wsgi-py3
+ become: yes
-- name: enable certbot (letsencrypt) renewal
- systemd:
- state: started
- enabled: true
- name: certbot-renew
- daemon_reload: true
- become: true
- become_user: root
-
-- name: enable certbot (letsencrypt) renewal timer
- systemd:
- state: started
- enabled: true
- name: certbot-renew.timer
- daemon_reload: true
- become: true
- become_user: root
+- name: enable Apache mod_wsgi module
+ command: a2enmod wsgi
+ become: yes
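Review bot: The new `command: a2enmod wsgi` task always reports changed and notifies no handler, so a freshly enabled module is only loaded if some later task happens to restart Apache. Ansible's `apache2_module` module does this idempotently, e.g. `apache2_module: name=wsgi state=present` with a `notify:` for the role's Apache restart handler (the handler name is not visible here). The same applies to `command: a2enmod {{ item }}` in roles/httpd/tasks/install_deps_Ubuntu_18.yml, where the task name "enable apache rewrite" also hides that it enables `ssl`. Separately, `state=latest` on this list means each playbook run may upgrade Apache-related packages; `state=present` keeps upgrades a deliberate step.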
diff --git a/dev-tools/ansible/roles/django_setup/tasks/main.yml b/dev-tools/ansible/roles/django_setup/tasks/main.yml
index 408c8be..2d453e3 100644
--- a/dev-tools/ansible/roles/django_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/django_setup/tasks/main.yml
@@ -19,91 +19,6 @@
#
---
-- name: Install Airavata Django Portal prerequisites
- yum: name={{ item }} state=latest update_cache=yes
- with_items:
- - python36
- - httpd-devel
- - python36-devel
- - mysql-devel
- - gcc
- - zlib-devel
- - openssl-devel
- become: yes
-
-- name: Create mod_wsgi directory
- file: path={{ mod_wsgi_dir }} state=directory
- become: yes
-
-- name: Fetch mod_wsgi
- get_url:
- url: "{{ mod_wsgi_url }}"
- dest: "{{ mod_wsgi_tarball_dest }}"
- become: yes
-
-- name: Untar mod_wsgi
- unarchive:
- src: "{{ mod_wsgi_tarball_dest }}"
- remote_src: yes
- dest: "{{ mod_wsgi_dir }}"
- creates: "{{ mod_wsgi_unarchive_dir }}"
- become: yes
-
-- name: Configure mod_wsgi
- command: ./configure --with-python=/usr/bin/python3
- args:
- chdir: "{{ mod_wsgi_unarchive_dir }}"
- creates: "{{ mod_wsgi_unarchive_dir }}/Makefile"
- become: yes
-
-- name: make mod_wsgi
- command: make
- args:
- chdir: "{{ mod_wsgi_unarchive_dir }}"
- creates: "{{ mod_wsgi_unarchive_dir }}/src/server/mod_wsgi.la"
- become: yes
-
-- name: make install mod_wsgi
- command: make install
- args:
- chdir: "{{ mod_wsgi_unarchive_dir }}"
- become: yes
-
-- name: Copy mod_wsgi config file
- copy:
- src: 00-wsgi.conf
- dest: "{{ httpd_conf_modules_dir }}/00-wsgi.conf"
- become: yes
-
-# Allow httpd to copy file attributes when handling uploaded files and moving
-# them from temporary to final destination (which may cross partitions)
-- name: double check policycoreutils installed
- yum: name=policycoreutils-python state=installed
- become: yes
-
-- name: Copy SELinux type enforcement file
- copy: src=django-httpd.te dest=/tmp/
-
-- name: Compile SELinux module file
- command: checkmodule -M -m -o /tmp/django-httpd.mod /tmp/django-httpd.te
-
-- name: Build SELinux policy package
- command: semodule_package -o /tmp/django-httpd.pp -m /tmp/django-httpd.mod
-
-- name: unLoad SELinux policy package
- command: semodule -r django-httpd
- become: yes
- ignore_errors: True
-
-- name: Load SELinux policy package
- command: semodule -i /tmp/django-httpd.pp
- become: yes
-
-- name: Remove temporary files
- file: path={{ item }} state=absent
- with_items:
- - /tmp/django-httpd.mod
- - /tmp/django-httpd.pp
- - /tmp/django-httpd.te
+- include: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
...
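Review bot: The include builds its file name from `ansible_distribution` and `ansible_distribution_major_version`, but this commit only provides install_deps_CentOS_7.yml and install_deps_Ubuntu_18.yml for this role, so any other host (the httpd role still carries an Ubuntu_16 file) stops with a missing-file error rather than a clear message. A comment above the include would document the contract: `# Supported: CentOS 7, Ubuntu 18; add install_deps_<distribution>_<major>.yml to support another platform`. An `assert` on the two facts before the include would give a readable failure. Note also that the SELinux policy tasks now live only in the CentOS file, so whether the Ubuntu path needs an equivalent confinement step should be confirmed.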
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index 716cffd..38abc04 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -57,4 +57,17 @@
firewalld: port="22/tcp"
zone=public permanent=true state=enabled immediate=yes
become: yes
+ when: ansible_os_family == "RedHat"
+
+# Issues with firewalld module on Ubuntu https://github.com/ansible/ansible/issues/24855
+# So as workaround, just calling firewall-cmd directly for now
+- name: open firewall port 22 for SSH connections (Debian)
+ command: firewall-cmd --zone=public --add-port=22/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: open firewall port 22 for SSH connections permanently (Debian)
+ command: firewall-cmd --zone=public --permanent --add-port=22/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
...
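Review bot: The Debian tasks call `firewall-cmd` through `command`, so they report changed on every run and fail outright on a host where firewalld is not installed and running; Ubuntu does not ship it by default and nothing in this hunk installs it, so that needs an earlier task outside the hunk. Registering the result and adding `changed_when: "'ALREADY_ENABLED' not in fw_result.stderr"` would keep repeat runs clean. Because the runtime and `--permanent` rules are applied by separate tasks, a failure between them leaves the two rule sets out of step; running only the `--permanent` form followed by `firewall-cmd --reload` avoids that. The same pattern is repeated for the http/https services and ports in roles/httpd/tasks/main.yml.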
diff --git a/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_16.yml b/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_16.yml
index 7ceabda..7a83d57 100644
--- a/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_16.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_16.yml
@@ -55,10 +55,3 @@
owner: www-data
group: www-data
mode: 0775
-
-- name: set DocumentRoot in default site-enabled
- lineinfile:
- dest: /etc/apache2/sites-enabled/000-default.conf
- line: ' DocumentRoot "/var/www/html/php-gateway/public"'
- regexp: '^\s+DocumentRoot'
- state: present
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_18.yml
similarity index 59%
copy from dev-tools/ansible/roles/letsencrypt/tasks/main.yml
copy to dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_18.yml
index 0c46e46..40ae0e1 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_18.yml
@@ -20,28 +20,21 @@
---
-- name: install certbot and dependencies
- yum: name={{ item }} state=installed update_cache=yes
+- name: Install prerequisites
+ apt: name="{{ item }}" state=latest update_cache=yes
with_items:
- - certbot
- - python2-acme
- - python2-certbot-apache
- become_user: root
+ - git
+ - apache2
+ - python-selinux
+ - python-apt
+ - unzip
+ - openssl
+ - curl
+ become: yes
-- name: enable certbot (letsencrypt) renewal
- systemd:
- state: started
- enabled: true
- name: certbot-renew
- daemon_reload: true
- become: true
- become_user: root
-
-- name: enable certbot (letsencrypt) renewal timer
- systemd:
- state: started
- enabled: true
- name: certbot-renew.timer
- daemon_reload: true
- become: true
- become_user: root
+- name: enable apache rewrite
+ command: a2enmod {{ item }}
+ with_items:
+ - rewrite
+ - ssl
+ become: yes
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index 2f7be68..15a71fd 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -87,13 +87,54 @@
- http
- https
become: yes
+ when: ansible_os_family == "RedHat"
- name: open firewall port {{ httpd_default_http_port }}
firewalld: port="{{ httpd_default_http_port }}/tcp"
zone=public permanent=true state=enabled immediate=yes
become: yes
+ when: ansible_os_family == "RedHat"
- name: open firewall port {{ httpd_default_https_port }}
firewalld: port="{{ httpd_default_https_port }}/tcp"
zone=public permanent=true state=enabled immediate=yes
become: yes
+ when: ansible_os_family == "RedHat"
+
+# Issues with firewalld module oon Ubuntu https://github.com/ansible/ansible/issues/24855
+# So as workaround, just calling firewall-cmd directly for now
+- name: Enable https and http service on public zone (Debian)
+ command: firewall-cmd --zone=public --add-service={{ item }}
+ with_items:
+ - http
+ - https
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: Enable https and http service on public zone permanently (Debian)
+ command: firewall-cmd --zone=public --permanent --add-service={{ item }}
+ with_items:
+ - http
+ - https
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: open firewall port {{ httpd_default_http_port }} (Debian)
+ command: firewall-cmd --zone=public --add-port={{ httpd_default_http_port}}/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: open firewall port {{ httpd_default_http_port }} permanently (Debian)
+ command: firewall-cmd --zone=public --permanent --add-port={{ httpd_default_http_port}}/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: open firewall port {{ httpd_default_https_port }} (Debian)
+ command: firewall-cmd --zone=public --add-port={{ httpd_default_https_port }}/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: open firewall port {{ httpd_default_https_port }} permanently (Debian)
+ command: firewall-cmd --zone=public --permanent --add-port={{ httpd_default_https_port }}/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
index 0c46e46..a217077 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
@@ -27,6 +27,24 @@
- python2-acme
- python2-certbot-apache
become_user: root
+ when: ansible_os_family == "RedHat"
+
+- name: add Certbot PPA repository
+ apt_repository:
+ repo: "ppa:certbot/certbot"
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: Install Certbot and dependencies (Debian)
+ apt: name={{ item }} state=latest update_cache=yes
+ with_items:
+ - certbot
+ - python-certbot-apache
+ become: yes
+ when: ansible_os_family == "Debian"
+
+# Note: on Ubuntu crontab is automatically created to run cert renewal. Only
+# CentOS requires enabling the certbot-renew timer.
- name: enable certbot (letsencrypt) renewal
systemd:
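Review bot: The `apt_repository` task adds `ppa:certbot/certbot` and the following task installs from it with `state=latest`, so every run pulls whatever that third-party archive currently publishes into a tool that runs as root and handles the TLS private keys. A comment should record why the distribution's own certbot package is not used, e.g. `# PPA used because <reason>; review its contents before upgrading`, and `state=present` would stop unattended upgrades from the PPA. The added `name={{ item }}` is also unquoted here, while the other new apt tasks in this commit write `name="{{ item }}"`. The systemd task at the end of the hunk continues outside it.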
@@ -36,6 +54,7 @@
daemon_reload: true
become: true
become_user: root
+ when: ansible_os_family == "RedHat"
- name: enable certbot (letsencrypt) renewal timer
systemd:
@@ -45,3 +64,4 @@
daemon_reload: true
become: true
become_user: root
+ when: ansible_os_family == "RedHat"