Rename the ara role to ara_api and move nginx out to it's own role
Moving nginx out to it's own role allows us to re-use it for ara-web. Renaming ara to ara_api and namespacing it's variables helps removing ambiguities and opportunities for clashing names. Change-Id: Ie1fc53fa25b00bc86aafda708df9866f02ced6fd
This commit is contained in:
parent
3b6b291967
commit
f61531ab9a
10
.zuul.yaml
10
.zuul.yaml
|
@ -59,12 +59,12 @@
|
|||
- requirements.txt
|
||||
- test-requirements.txt
|
||||
pre-run: tests/role-integration-pre.yaml
|
||||
run: playbooks/ara.yaml
|
||||
run: playbooks/ara_api.yaml
|
||||
vars:
|
||||
ara_source: "{{ ansible_user_dir }}/src/git.openstack.org/openstack/ara"
|
||||
ara_web_server: nginx
|
||||
ara_wsgi_server: gunicorn
|
||||
ara_www_dir: /var/www/ara
|
||||
ara_api_source: "{{ ansible_user_dir }}/src/git.openstack.org/openstack/ara"
|
||||
ara_api_web_server: nginx
|
||||
ara_api_wsgi_server: gunicorn
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
|
||||
- job:
|
||||
name: ara-1.0-role-integration-ubuntu
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
.. include:: ../../roles/ara_api/README.rst
|
|
@ -1 +0,0 @@
|
|||
.. include:: ../../roles/ara/README.rst
|
|
@ -17,4 +17,4 @@ Table of Contents
|
|||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
ansible-role-ara <ansible-role-ara>
|
||||
ansible-role-ara-api <ansible-role-ara-api>
|
||||
|
|
|
@ -17,9 +17,9 @@ in order to avoid conflicts with your Linux distribution python packages::
|
|||
# Install ARA 1.0 from source
|
||||
~/.ara/venv/bin/pip install git+https://git.openstack.org/openstack/ara@feature/1.0
|
||||
|
||||
Using ansible-role-ara
|
||||
----------------------
|
||||
Using ansible-role-ara-api
|
||||
---------------------------
|
||||
|
||||
An Ansible role is available to install and configure ARA.
|
||||
|
||||
For more details, refer to the role documentation: :ref:`ansible-role-ara`.
|
||||
For more details, refer to the role documentation: :ref:`ansible-role-ara-api`.
|
||||
|
|
|
@ -1,7 +1,5 @@
|
|||
- name: Install ARA with default settings
|
||||
hosts: all
|
||||
gather_facts: yes
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
roles:
|
||||
- ara
|
||||
- ara_api
|
|
@ -1,5 +1,5 @@
|
|||
ansible-role-ara
|
||||
================
|
||||
ansible-role-ara-api
|
||||
====================
|
||||
|
||||
This Ansible role provides a framework for installing one or many instances of
|
||||
`ara <https://github.com/openstack/ara>`_ in a variety of opinionated
|
||||
|
@ -10,7 +10,7 @@ It is currently tested and supported against Ubuntu 18.04 and Fedora 29.
|
|||
Role Variables
|
||||
--------------
|
||||
|
||||
See `defaults/main.yaml <https://github.com/openstack/ara/blob/feature/1.0/roles/ara/defaults/main.yaml>`_.
|
||||
See `defaults/main.yaml <https://github.com/openstack/ara/blob/feature/1.0/roles/ara_api/defaults/main.yaml>`_.
|
||||
|
||||
TL;DR
|
||||
-----
|
||||
|
@ -22,10 +22,8 @@ Playbook that runs the role with defaults::
|
|||
- name: Install ARA with default settings and no persistent API server
|
||||
hosts: all
|
||||
gather_facts: yes
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
roles:
|
||||
- ara
|
||||
- ara_api
|
||||
|
||||
What the role ends up doing by default:
|
||||
|
||||
|
@ -46,16 +44,16 @@ can be selected with role variables.
|
|||
For example, the following role variables are used to provide the topology from
|
||||
the ``TL;DR`` above:
|
||||
|
||||
- ``ara_install_method: source``
|
||||
- ``ara_wsgi_server: null``
|
||||
- ``ara_database_engine: django.db.backends.sqlite3``
|
||||
- ``ara_web_server: null``
|
||||
- ``ara_api_install_method: source``
|
||||
- ``ara_api_wsgi_server: null``
|
||||
- ``ara_api_database_engine: django.db.backends.sqlite3``
|
||||
- ``ara_api_web_server: null``
|
||||
|
||||
The intent is that as the role gains support for other install methods,
|
||||
wsgi servers, database engines or web servers, it will be possible to
|
||||
mix and match according to preference or requirements.
|
||||
|
||||
Perhaps ARA could be installed from pypi and run with uwsgi, nginx and mysql.
|
||||
Perhaps ARA could be installed from pypi and run with gunicorn, nginx and mysql.
|
||||
Or maybe it could be installed from distribution packages and set up to run
|
||||
with apache, mod_wsgi and postgresql.
|
||||
Or any combination of any of those.
|
||||
|
@ -71,10 +69,9 @@ Install ARA and set up the API to be served by a persistent gunicorn service::
|
|||
hosts: all
|
||||
gather_facts: yes
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
ara_wsgi_server: gunicorn
|
||||
ara_api_wsgi_server: gunicorn
|
||||
roles:
|
||||
- ara
|
||||
- ara_api
|
||||
|
||||
Install ARA and set up the API to be served by nginx in front of gunicorn::
|
||||
|
||||
|
@ -84,14 +81,14 @@ Install ARA and set up the API to be served by nginx in front of gunicorn::
|
|||
hosts: all
|
||||
gather_facts: yes
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
ara_web_server: nginx
|
||||
ara_wsgi_server: gunicorn
|
||||
ara_api_frontend_server: nginx
|
||||
ara_api_wsgi_server: gunicorn
|
||||
ara_api_fqdn: api.ara.example.org
|
||||
ara_allowed_hosts:
|
||||
ara_api_allowed_hosts:
|
||||
- api.ara.example.org
|
||||
ara_api_frontend_vhost: custom_vhost.conf.j2
|
||||
roles:
|
||||
- ara
|
||||
- ara_api
|
||||
|
||||
Copyright
|
||||
---------
|
|
@ -17,55 +17,59 @@
|
|||
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# Root directories in which data, configuration and logs will be stored
|
||||
ara_root_dir: "{{ ansible_user_dir }}/.ara" # git repos, virtualenvs, sqlite db
|
||||
ara_log_dir: "{{ ara_root_dir }}/logs" # logs
|
||||
ara_api_root_dir: "{{ ansible_user_dir }}/.ara" # git repos, virtualenvs, sqlite db
|
||||
ara_api_log_dir: "{{ ara_api_root_dir }}/logs" # logs
|
||||
|
||||
# Whether or not ara should be installed in a virtual environment.
|
||||
# Running ara in a virtualenv is recommended to avoid conflicting with
|
||||
# system-wide python packages.
|
||||
ara_venv: true
|
||||
ara_api_venv: true
|
||||
|
||||
# When using a virtualenv, location where it will be installed
|
||||
ara_venv_path: "{{ ara_root_dir }}/virtualenv"
|
||||
ara_api_venv_path: "{{ ara_api_root_dir }}/virtualenv"
|
||||
|
||||
# How ara will be installed
|
||||
# source (default): installs from a local or remote git repository specified by ara_source
|
||||
# source (default): installs from a local or remote git repository specified by ara_api_source
|
||||
# pypi (planned): installs from pypi
|
||||
ara_install_method: source
|
||||
ara_api_install_method: source
|
||||
|
||||
# The source where the git repository can be cloned from.
|
||||
# Can be an URL to a git repository or the path to a local repository on disk.
|
||||
ara_source: "https://git.openstack.org/openstack/ara"
|
||||
ara_api_source: "https://git.openstack.org/openstack/ara"
|
||||
|
||||
# Location where ara will be checked out when installing from source
|
||||
ara_source_checkout: "{{ ara_root_dir }}/git/ara"
|
||||
ara_api_source_checkout: "{{ ara_api_root_dir }}/git/ara"
|
||||
|
||||
# Version of ara to install
|
||||
# This can be a git ref (tag, branch, commit) when installing from source or
|
||||
# it can be a version number released to PyPi.
|
||||
# When using "latest" as the source version, HEAD will be used
|
||||
# When using "latest" as the pypi version, the latest release will be used
|
||||
ara_install_version: feature/1.0
|
||||
ara_api_version: feature/1.0
|
||||
|
||||
# The web server for serving the ARA API
|
||||
# The frontend/web server for serving the ARA API
|
||||
# It is recommended to specify a web server when deploying a production environment.
|
||||
# API browser.
|
||||
# - none (null - default)
|
||||
# - nginx (recommended)
|
||||
# - apache (planned)
|
||||
ara_web_server: null
|
||||
ara_api_frontend_server: null
|
||||
|
||||
# When using a frontend server, you can override the default vhost configuration
|
||||
# template by specifying the path to your own template file.
|
||||
ara_api_frontend_vhost: null
|
||||
|
||||
# The WSGI server for running ARA's API server
|
||||
# - none (null - default)
|
||||
# - gunicorn (recommended)
|
||||
# - uwsgi (planned)
|
||||
# - mod_wsgi (planned)
|
||||
ara_wsgi_server: null
|
||||
ara_api_wsgi_server: null
|
||||
|
||||
# Address and port on which the wsgi server will bind
|
||||
# Changing this value means you might need to adjust "ara_allowed_hosts" and
|
||||
# "ara_cors_origin_whitelist".
|
||||
ara_wsgi_bind: "127.0.0.1:8000"
|
||||
# Changing this value means you might need to adjust "ara_api_allowed_hosts" and
|
||||
# "ara_api_cors_origin_whitelist".
|
||||
ara_api_wsgi_bind: "127.0.0.1:8000"
|
||||
|
||||
# When using a web server, the domain it will be listening on
|
||||
ara_api_fqdn: "{{ ansible_default_ipv4['address'] }}"
|
||||
|
@ -76,19 +80,19 @@ ara_api_fqdn: "{{ ansible_default_ipv4['address'] }}"
|
|||
####################################
|
||||
|
||||
# ARA_BASE_DIR - Default directory for storing data and configuration
|
||||
ara_base_dir: "{{ ara_root_dir }}/server"
|
||||
ara_api_base_dir: "{{ ara_api_root_dir }}/server"
|
||||
|
||||
# ARA_SETTINGS - Path to an ARA API configuration file
|
||||
ara_settings: "{{ ara_base_dir }}/settings.yaml"
|
||||
ara_api_settings: "{{ ara_api_base_dir }}/settings.yaml"
|
||||
|
||||
# ARA_ENV - Environment to load configuration for
|
||||
ara_env: default
|
||||
ara_api_env: default
|
||||
|
||||
# ARA_LOG_LEVEL - Log level of the different components
|
||||
ara_log_level: INFO
|
||||
ara_api_log_level: INFO
|
||||
|
||||
# ARA_LOGGING - Python logging configuration
|
||||
ara_logging:
|
||||
ara_api_logging:
|
||||
disable_existing_loggers: false
|
||||
formatters:
|
||||
normal:
|
||||
|
@ -97,33 +101,33 @@ ara_logging:
|
|||
console:
|
||||
class: logging.handlers.TimedRotatingFileHandler
|
||||
formatter: normal
|
||||
level: "{{ ara_log_level }}"
|
||||
filename: "{{ ara_log_dir }}/server.log"
|
||||
level: "{{ ara_api_log_level }}"
|
||||
filename: "{{ ara_api_log_dir }}/server.log"
|
||||
when: 'midnight'
|
||||
interval: 1
|
||||
backupCount: 30
|
||||
loggers:
|
||||
ara:
|
||||
handlers:
|
||||
- console
|
||||
level: "{{ ara_log_level }}"
|
||||
- console
|
||||
level: "{{ ara_api_log_level }}"
|
||||
propagate: 0
|
||||
root:
|
||||
handlers:
|
||||
- console
|
||||
level: "{{ ara_log_level }}"
|
||||
- console
|
||||
level: "{{ ara_api_log_level }}"
|
||||
version: 1
|
||||
|
||||
# ARA_CORS_ORIGIN_ALLOW_ALL - django-cors-headers’s CORS_ORIGIN_WHITELIST_ALLOW_ALL setting
|
||||
ara_cors_origin_allow_all: false
|
||||
ara_api_cors_origin_allow_all: false
|
||||
|
||||
# ARA_CORS_ORIGIN_WHITELIST - django-cors-headers’s CORS_ORIGIN_WHITELIST setting
|
||||
ara_cors_origin_whitelist:
|
||||
ara_api_cors_origin_whitelist:
|
||||
- "127.0.0.1:8000"
|
||||
- "localhost:3000"
|
||||
|
||||
# ARA_SERVER_ALLOWED_HOSTS - Django’s ALLOWED_HOSTS setting
|
||||
ara_allowed_hosts:
|
||||
ara_api_allowed_hosts:
|
||||
- "127.0.0.1"
|
||||
- "localhost"
|
||||
- "::1"
|
||||
|
@ -131,26 +135,26 @@ ara_allowed_hosts:
|
|||
|
||||
# ARA_DEBUG - Django's DEBUG setting
|
||||
# It is not recommended to run with debug enabled in production.
|
||||
ara_debug: false
|
||||
ara_api_debug: false
|
||||
|
||||
# ARA_SECRET_KEY - Django's SECRET_KEY setting
|
||||
# Note: If no key is provided, a random one will be generated once and persisted
|
||||
ara_secret_key: null
|
||||
ara_api_secret_key: null
|
||||
|
||||
# ARA_DATABASE_ENGINE - Django’s ENGINE database setting
|
||||
ara_database_engine: django.db.backends.sqlite3
|
||||
ara_api_database_engine: django.db.backends.sqlite3
|
||||
|
||||
# ARA_DATABASE_NAME - Django’s NAME database setting
|
||||
ara_database_name: "{{ ara_base_dir }}/ansible.sqlite"
|
||||
ara_api_database_name: "{{ ara_api_base_dir }}/ansible.sqlite"
|
||||
|
||||
# ARA_DATABASE_USER - Django’s USER database setting
|
||||
ara_database_user: null
|
||||
ara_api_database_user: null
|
||||
|
||||
# ARA_DATABASE_PASSWORD - Django’s PASSWORD database setting
|
||||
ara_database_password: null
|
||||
ara_api_database_password: null
|
||||
|
||||
# ARA_DATABASE_HOST - Django’s HOST database setting
|
||||
ara_database_host: null
|
||||
ara_api_database_host: null
|
||||
|
||||
# ARA_DATABASE_PORT - Django’s PORT database setting
|
||||
ara_database_port: null
|
||||
ara_api_database_port: null
|
|
@ -16,13 +16,6 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
- name: restart nginx
|
||||
become: yes
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
when: ara_nginx_enabled is not changed
|
||||
|
||||
- name: restart ara-api
|
||||
become: yes
|
||||
service:
|
|
@ -18,17 +18,17 @@
|
|||
|
||||
- name: Verify if a configuration file exists
|
||||
stat:
|
||||
path: "{{ ara_settings }}"
|
||||
path: "{{ ara_api_settings }}"
|
||||
register: settings_stat
|
||||
|
||||
# If no secret key has been provided and this isn't the first time we are
|
||||
# running, recover the secret key from the existing configuration file.
|
||||
- when:
|
||||
- ara_secret_key is none
|
||||
- ara_api_secret_key is none
|
||||
- settings_stat.stat.exists
|
||||
block:
|
||||
- name: Read the configuration file
|
||||
command: cat "{{ ara_settings }}"
|
||||
- name: Read the existing configuration file
|
||||
command: cat "{{ ara_api_settings }}"
|
||||
changed_when: false
|
||||
no_log: yes
|
||||
register: settings_contents
|
||||
|
@ -37,14 +37,14 @@
|
|||
vars:
|
||||
config: "{{ settings_contents.stdout | from_yaml }}"
|
||||
set_fact:
|
||||
ara_secret_key: "{{ config[ara_env]['SECRET_KEY'] }}"
|
||||
ara_api_secret_key: "{{ config[ara_api_env]['SECRET_KEY'] }}"
|
||||
no_log: yes
|
||||
|
||||
# If no secret key has been provided and this is the first time we are
|
||||
# running, generate a new random secret key that will be persisted in the
|
||||
# configuration file.
|
||||
- when:
|
||||
- ara_secret_key is none
|
||||
- ara_api_secret_key is none
|
||||
- not settings_stat.stat.exists
|
||||
block:
|
||||
- name: Generate a random secret key
|
||||
|
@ -54,33 +54,33 @@
|
|||
no_log: yes
|
||||
register: generated_key
|
||||
|
||||
- name: Set ara_secret_key
|
||||
- name: Set ara_api_secret_key
|
||||
set_fact:
|
||||
ara_secret_key: "{{ generated_key.stdout }}"
|
||||
ara_api_secret_key: "{{ generated_key.stdout }}"
|
||||
no_log: yes
|
||||
|
||||
# Put configuration in a format we can write to a file
|
||||
- name: Reconcile configuration
|
||||
vars:
|
||||
reconciled_configuration:
|
||||
ALLOWED_HOSTS: "{{ ara_allowed_hosts }}"
|
||||
BASE_DIR: "{{ ara_base_dir }}"
|
||||
CORS_ORIGIN_ALLOW_ALL: "{{ ara_cors_origin_allow_all }}"
|
||||
CORS_ORIGIN_WHITELIST: "{{ ara_cors_origin_whitelist }}"
|
||||
ALLOWED_HOSTS: "{{ ara_api_allowed_hosts }}"
|
||||
BASE_DIR: "{{ ara_api_base_dir }}"
|
||||
CORS_ORIGIN_ALLOW_ALL: "{{ ara_api_cors_origin_allow_all }}"
|
||||
CORS_ORIGIN_WHITELIST: "{{ ara_api_cors_origin_whitelist }}"
|
||||
DATABASES:
|
||||
default:
|
||||
ENGINE: "{{ ara_database_engine }}"
|
||||
NAME: "{{ ara_database_name }}"
|
||||
USER: "{{ ara_database_user }}"
|
||||
PASSWORD: "{{ ara_database_password }}"
|
||||
HOST: "{{ ara_database_host }}"
|
||||
PORT: "{{ ara_database_port }}"
|
||||
DEBUG: "{{ ara_debug }}"
|
||||
LOGGING: "{{ ara_logging }}"
|
||||
LOG_LEVEL: "{{ ara_log_level }}"
|
||||
SECRET_KEY: "{{ ara_secret_key }}"
|
||||
ENGINE: "{{ ara_api_database_engine }}"
|
||||
NAME: "{{ ara_api_database_name }}"
|
||||
USER: "{{ ara_api_database_user }}"
|
||||
PASSWORD: "{{ ara_api_database_password }}"
|
||||
HOST: "{{ ara_api_database_host }}"
|
||||
PORT: "{{ ara_api_database_port }}"
|
||||
DEBUG: "{{ ara_api_debug }}"
|
||||
LOGGING: "{{ ara_api_logging }}"
|
||||
LOG_LEVEL: "{{ ara_api_log_level }}"
|
||||
SECRET_KEY: "{{ ara_api_secret_key }}"
|
||||
set_fact:
|
||||
ara_api_configuration: "{'{{ ara_env }}': {{ reconciled_configuration }} }"
|
||||
ara_api_configuration: "{'{{ ara_api_env }}': {{ reconciled_configuration }} }"
|
||||
no_log: yes
|
||||
|
||||
- name: Set up the ARA API configuration file
|
||||
|
@ -89,7 +89,7 @@
|
|||
---
|
||||
# Managed by the ara Ansible role
|
||||
{{ ara_api_configuration | to_nice_yaml(indent=2) }}
|
||||
dest: "{{ ara_settings }}"
|
||||
dest: "{{ ara_api_settings }}"
|
||||
mode: 0750
|
||||
notify:
|
||||
- restart ara-api
|
|
@ -17,14 +17,14 @@
|
|||
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
- name: Ensure the database directory exists
|
||||
become: "{{ (ansible_user_dir in ara_database_name) | ternary(false, true) }}"
|
||||
become: "{{ (ansible_user_dir in ara_api_database_name) | ternary(false, true) }}"
|
||||
file:
|
||||
path: "{{ ara_database_name | dirname }}"
|
||||
path: "{{ ara_api_database_name | dirname }}"
|
||||
state: directory
|
||||
|
||||
- name: Run SQL migrations
|
||||
become: "{{ (ansible_user_dir in ara_database_name) | ternary(false, true) }}"
|
||||
become: "{{ (ansible_user_dir in ara_api_database_name) | ternary(false, true) }}"
|
||||
environment:
|
||||
ARA_SETTINGS: "{{ ara_settings }}"
|
||||
ARA_SETTINGS: "{{ ara_api_settings }}"
|
||||
PATH: "{{ path_with_virtualenv | default(omit) }}"
|
||||
command: ara-manage migrate
|
|
@ -18,18 +18,18 @@
|
|||
|
||||
- name: Prepare git repository for ara
|
||||
git:
|
||||
repo: "{{ ara_source }}"
|
||||
dest: "{{ ara_source_checkout }}"
|
||||
version: "{{ (ara_install_version == 'latest') | ternary('HEAD', ara_install_version) }}"
|
||||
repo: "{{ ara_api_source }}"
|
||||
dest: "{{ ara_api_source_checkout }}"
|
||||
version: "{{ (ara_api_version == 'latest') | ternary('HEAD', ara_api_version) }}"
|
||||
|
||||
- name: Install ara
|
||||
pip:
|
||||
name: "{{ ara_source_checkout }}"
|
||||
name: "{{ ara_api_source_checkout }}"
|
||||
state: present
|
||||
virtualenv: "{{ ara_venv | bool | ternary(ara_venv_path, omit) }}"
|
||||
virtualenv: "{{ ara_api_venv | bool | ternary(ara_api_venv_path, omit) }}"
|
||||
virtualenv_python: python3
|
||||
|
||||
- name: Prefix the virtualenv bin directory to PATH
|
||||
set_fact:
|
||||
path_with_virtualenv: "{{ ara_venv_path }}/bin:{{ ansible_env.PATH }}"
|
||||
when: ara_venv | bool
|
||||
path_with_virtualenv: "{{ ara_api_venv_path }}/bin:{{ ansible_env.PATH }}"
|
||||
when: ara_api_venv | bool
|
|
@ -26,17 +26,18 @@
|
|||
include_tasks: pre-requirements.yaml
|
||||
|
||||
- name: Include installation of ARA
|
||||
include_tasks: "install/{{ ara_install_method }}.yaml"
|
||||
include_tasks: "install/{{ ara_api_install_method }}.yaml"
|
||||
|
||||
- name: Include configuration of the ARA API
|
||||
include_tasks: config.yaml
|
||||
|
||||
- name: Include configuration of the database engine
|
||||
include_tasks: "database_engine/{{ ara_database_engine }}.yaml"
|
||||
include_tasks: "database_engine/{{ ara_api_database_engine }}.yaml"
|
||||
|
||||
- name: Include installation of the WSGI backend server
|
||||
include_tasks: "wsgi_server/{{ ara_wsgi_server }}.yaml"
|
||||
include_tasks: "wsgi_server/{{ ara_api_wsgi_server }}.yaml"
|
||||
|
||||
- name: Include installation of the web server
|
||||
include_tasks: "web_server/{{ ara_web_server }}.yaml"
|
||||
when: ara_web_server is not none
|
||||
- name: Include installation of the frontend server
|
||||
include_role:
|
||||
name: "ara_frontend_{{ ara_api_frontend_server }}"
|
||||
when: ara_api_frontend_server is not none
|
|
@ -36,15 +36,15 @@
|
|||
|
||||
- name: Retrieve list of missing required packages
|
||||
set_fact:
|
||||
ara_missing_packages: "{{ ara_required_packages | difference(ansible_facts.packages.keys()) }}"
|
||||
ara_api_missing_packages: "{{ ara_api_required_packages | difference(ansible_facts.packages.keys()) }}"
|
||||
|
||||
# Only attempt to elevate privileges if there are any missing packages
|
||||
- when: ara_missing_packages | length > 0
|
||||
- when: ara_api_missing_packages | length > 0
|
||||
block:
|
||||
- name: Install required packages
|
||||
become: yes
|
||||
package:
|
||||
name: "{{ ara_required_packages }}"
|
||||
name: "{{ ara_api_required_packages }}"
|
||||
state: present
|
||||
rescue:
|
||||
- name: Fail due to missing packages
|
||||
|
@ -53,23 +53,23 @@
|
|||
|
||||
# The following tasks dynamically enable escalated privileges only when the
|
||||
# directory to create is not located in the user's home directory.
|
||||
- name: Ensure ara_root_dir exists
|
||||
become: "{{ (ansible_user_dir in ara_root_dir) | ternary(false, true) }}"
|
||||
- name: Ensure ara_api_root_dir exists
|
||||
become: "{{ (ansible_user_dir in ara_api_root_dir) | ternary(false, true) }}"
|
||||
file:
|
||||
path: "{{ ara_root_dir }}"
|
||||
path: "{{ ara_api_root_dir }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Ensure ara_base_dir exists
|
||||
become: "{{ (ansible_user_dir in ara_base_dir) | ternary(false, true) }}"
|
||||
- name: Ensure ara_api_base_dir exists
|
||||
become: "{{ (ansible_user_dir in ara_api_base_dir) | ternary(false, true) }}"
|
||||
file:
|
||||
path: "{{ ara_base_dir }}"
|
||||
path: "{{ ara_api_base_dir }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
|
||||
- name: Ensure ara_log_dir exists
|
||||
become: "{{ (ansible_user_dir in ara_log_dir) | ternary(false, true) }}"
|
||||
- name: Ensure ara_api_log_dir exists
|
||||
become: "{{ (ansible_user_dir in ara_api_log_dir) | ternary(false, true) }}"
|
||||
file:
|
||||
path: "{{ ara_log_dir }}"
|
||||
path: "{{ ara_api_log_dir }}"
|
||||
state: directory
|
||||
mode: 0750
|
|
@ -20,7 +20,7 @@
|
|||
pip:
|
||||
name: gunicorn
|
||||
state: present
|
||||
virtualenv: "{{ ara_venv | bool | ternary(ara_venv_path, omit) }}"
|
||||
virtualenv: "{{ ara_api_venv | bool | ternary(ara_api_venv_path, omit) }}"
|
||||
virtualenv_python: python3
|
||||
|
||||
- become: yes
|
|
@ -6,12 +6,12 @@ After=network.target
|
|||
PIDFile=/run/ara-api/pid
|
||||
User={{ ansible_user }}
|
||||
RuntimeDirectory=ara-api
|
||||
WorkingDirectory={{ ara_root_dir }}
|
||||
Environment=ARA_SETTINGS={{ ara_settings }}
|
||||
{% if ara_venv %}
|
||||
ExecStart={{ ara_venv_path }}/bin/gunicorn --pid /run/ara-api/pid --workers=4 --bind {{ ara_wsgi_bind }} ara.server.wsgi
|
||||
WorkingDirectory={{ ara_api_root_dir }}
|
||||
Environment=ARA_SETTINGS={{ ara_api_settings }}
|
||||
{% if ara_api_venv %}
|
||||
ExecStart={{ ara_api_venv_path }}/bin/gunicorn --pid /run/ara-api/pid --workers=4 --bind {{ ara_api_wsgi_bind }} ara.server.wsgi
|
||||
{% else %}
|
||||
ExecStart=gunicorn --pid /run/ara-api/pid --workers=4 --bind {{ ara_wsgi_bind }} ara.server.wsgi
|
||||
ExecStart=gunicorn --pid /run/ara-api/pid --workers=4 --bind {{ ara_api_wsgi_bind }} ara.server.wsgi
|
||||
{% endif %}
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
ExecStop=/bin/kill -s TERM $MAINPID
|
|
@ -16,12 +16,8 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
ara_required_packages:
|
||||
ara_api_required_packages:
|
||||
- git
|
||||
- python3-virtualenv
|
||||
- python3-libselinux
|
||||
- policycoreutils-python-utils
|
||||
|
||||
ara_nginx_user: nginx
|
||||
ara_nginx_group: nginx
|
||||
ara_nginx_config_path: /etc/nginx/conf.d
|
|
@ -0,0 +1,21 @@
|
|||
---
|
||||
# Copyright (c) 2019 Red Hat, Inc.
|
||||
#
|
||||
# This file is part of ARA Records Ansible.
|
||||
#
|
||||
# ARA Records Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# ARA Records Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
ara_api_required_packages:
|
||||
- git
|
||||
- python3-venv
|
|
@ -0,0 +1,56 @@
|
|||
ansible-role-ara-frontend-nginx
|
||||
===============================
|
||||
|
||||
A role for deploying a minimal installation of nginx for ara-api and ara-web.
|
||||
|
||||
This role is not meant to be used on it's own, it should be included by the
|
||||
``ara_api`` and ``ara_web`` roles in order to have the necessary variables
|
||||
available.
|
||||
|
||||
It is currently tested and supported against Ubuntu 18.04 and Fedora 29.
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
- ``ara_api_frontend_vhost``: Path to a custom nginx vhost configuration file for ara-api.
|
||||
|
||||
Example playbook
|
||||
----------------
|
||||
|
||||
Install ARA and set up the API to be served by nginx with a custom vhost configuration
|
||||
in front of gunicorn::
|
||||
|
||||
# Requires superuser privileges to set up nginx and the ara-api service
|
||||
# The API will be reachable at http://api.ara.example.org
|
||||
- name: Install ARA and set up the API to be served by nginx in front of gunicorn
|
||||
hosts: all
|
||||
gather_facts: yes
|
||||
vars:
|
||||
ara_api_frontend_server: nginx
|
||||
ara_api_wsgi_server: gunicorn
|
||||
ara_api_fqdn: api.ara.example.org
|
||||
ara_api_allowed_hosts:
|
||||
- api.ara.example.org
|
||||
ara_api_frontend_vhost: custom_vhost.conf.j2
|
||||
roles:
|
||||
- ara_api
|
||||
|
||||
Copyright
|
||||
---------
|
||||
|
||||
::
|
||||
|
||||
Copyright (c) 2019 Red Hat, Inc.
|
||||
|
||||
ARA Records Ansible is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
ARA Records Ansible is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
# Copyright (c) 2019 Red Hat, Inc.
|
||||
#
|
||||
# This file is part of ARA Records Ansible.
|
||||
#
|
||||
# ARA Records Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# ARA Records Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
- name: restart nginx
|
||||
become: yes
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
when: ara_nginx_enabled is not changed
|
|
@ -16,6 +16,12 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
- name: Include OS family/distribution specific variables
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
- "{{ ansible_distribution }}.yaml"
|
||||
- "{{ ansible_os_family }}.yaml"
|
||||
|
||||
- become: yes
|
||||
block:
|
||||
- name: Install nginx
|
||||
|
@ -32,10 +38,13 @@
|
|||
|
||||
- name: Set up the ARA API nginx vhost
|
||||
template:
|
||||
src: "{{ ara_nginx_api_vhost | default('nginx-ara-api.conf.j2') }}"
|
||||
src: "{{ ara_api_frontend_vhost | default('ara-api.conf.j2') }}"
|
||||
dest: "{{ ara_nginx_config_path }}/ara-api.conf"
|
||||
notify:
|
||||
- restart nginx
|
||||
when:
|
||||
- ara_api_fqdn is defined
|
||||
- ara_api_wsgi_bind is defined
|
||||
|
||||
- name: Enable the nginx configuration on Debian-like systems
|
||||
file:
|
|
@ -1,7 +1,7 @@
|
|||
upstream ara_api {
|
||||
# fail_timeout=0 means we always retry an upstream even if it failed
|
||||
# to return a good HTTP response
|
||||
server {{ ara_wsgi_bind }} fail_timeout=0;
|
||||
server {{ ara_api_wsgi_bind }} fail_timeout=0;
|
||||
}
|
||||
|
||||
server {
|
|
@ -0,0 +1,21 @@
|
|||
---
|
||||
# Copyright (c) 2019 Red Hat, Inc.
|
||||
#
|
||||
# This file is part of ARA Records Ansible.
|
||||
#
|
||||
# ARA Records Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# ARA Records Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
ara_nginx_user: nginx
|
||||
ara_nginx_group: nginx
|
||||
ara_nginx_config_path: /etc/nginx/conf.d
|
|
@ -16,10 +16,6 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
ara_required_packages:
|
||||
- git
|
||||
- python3-venv
|
||||
|
||||
ara_nginx_user: www-data
|
||||
ara_nginx_group: www-data
|
||||
ara_nginx_config_path: /etc/nginx/sites-available
|
Loading…
Reference in New Issue