recordsansible
/
ara
Code Issues Proposed changes

Rename the ara role to ara_api and move nginx out to it's own role 

Moving nginx out to it's own role allows us to re-use it for ara-web.
Renaming ara to ara_api and namespacing it's variables helps removing
ambiguities and opportunities for clashing names.

Change-Id: Ie1fc53fa25b00bc86aafda708df9866f02ced6fd
This commit is contained in:
David Moreau Simard 2019-03-07 17:05:30 -05:00
parent 3b6b291967
commit f61531ab9a
No known key found for this signature in database
GPG Key ID: CBEB466764A9E621
25 changed files with 262 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.zuul.yaml
View File

@ -59,12 +59,12 @@
- requirements.txt
- test-requirements.txt
pre-run: tests/role-integration-pre.yaml
run: playbooks/ara.yaml
run: playbooks/ara_api.yaml
vars:
ara_source: "{{ ansible_user_dir }}/src/git.openstack.org/openstack/ara"
ara_web_server: nginx
ara_wsgi_server: gunicorn
ara_www_dir: /var/www/ara
ara_api_source: "{{ ansible_user_dir }}/src/git.openstack.org/openstack/ara"
ara_api_web_server: nginx
ara_api_wsgi_server: gunicorn
ansible_python_interpreter: /usr/bin/python3
- job:
name: ara-1.0-role-integration-ubuntu

1
doc/source/ansible-role-ara-api.rst Normal file
View File

@ -0,0 +1 @@
.. include:: ../../roles/ara_api/README.rst

1
doc/source/ansible-role-ara.rst
View File

@ -1 +0,0 @@
.. include:: ../../roles/ara/README.rst

2
doc/source/index.rst
View File

@ -17,4 +17,4 @@ Table of Contents
.. toctree::
:maxdepth: 1
ansible-role-ara <ansible-role-ara>
ansible-role-ara-api <ansible-role-ara-api>

6
doc/source/installation.rst
View File

@ -17,9 +17,9 @@ in order to avoid conflicts with your Linux distribution python packages::
# Install ARA 1.0 from source
~/.ara/venv/bin/pip install git+https://git.openstack.org/openstack/ara@feature/1.0
Using ansible-role-ara
----------------------
Using ansible-role-ara-api
---------------------------
An Ansible role is available to install and configure ARA.
For more details, refer to the role documentation: :ref:`ansible-role-ara`.
For more details, refer to the role documentation: :ref:`ansible-role-ara-api`.

4
playbooks/ara.yaml → playbooks/ara_api.yaml
View File

@ -1,7 +1,5 @@
- name: Install ARA with default settings
hosts: all
gather_facts: yes
vars:
ansible_python_interpreter: /usr/bin/python3
roles:
- ara
- ara_api

35
roles/ara/README.rst → roles/ara_api/README.rst
View File

@ -1,5 +1,5 @@
ansible-role-ara
================
ansible-role-ara-api
====================
This Ansible role provides a framework for installing one or many instances of
`ara <https://github.com/openstack/ara>`_ in a variety of opinionated
@ -10,7 +10,7 @@ It is currently tested and supported against Ubuntu 18.04 and Fedora 29.
Role Variables
--------------
See `defaults/main.yaml <https://github.com/openstack/ara/blob/feature/1.0/roles/ara/defaults/main.yaml>`_.
See `defaults/main.yaml <https://github.com/openstack/ara/blob/feature/1.0/roles/ara_api/defaults/main.yaml>`_.
TL;DR
-----
@ -22,10 +22,8 @@ Playbook that runs the role with defaults::
- name: Install ARA with default settings and no persistent API server
hosts: all
gather_facts: yes
vars:
ansible_python_interpreter: /usr/bin/python3
roles:
- ara
- ara_api
What the role ends up doing by default:
@ -46,16 +44,16 @@ can be selected with role variables.
For example, the following role variables are used to provide the topology from
the ``TL;DR`` above:
- ``ara_install_method: source``
- ``ara_wsgi_server: null``
- ``ara_database_engine: django.db.backends.sqlite3``
- ``ara_web_server: null``
- ``ara_api_install_method: source``
- ``ara_api_wsgi_server: null``
- ``ara_api_database_engine: django.db.backends.sqlite3``
- ``ara_api_web_server: null``
The intent is that as the role gains support for other install methods,
wsgi servers, database engines or web servers, it will be possible to
mix and match according to preference or requirements.
Perhaps ARA could be installed from pypi and run with uwsgi, nginx and mysql.
Perhaps ARA could be installed from pypi and run with gunicorn, nginx and mysql.
Or maybe it could be installed from distribution packages and set up to run
with apache, mod_wsgi and postgresql.
Or any combination of any of those.
@ -71,10 +69,9 @@ Install ARA and set up the API to be served by a persistent gunicorn service::
hosts: all
gather_facts: yes
vars:
ansible_python_interpreter: /usr/bin/python3
ara_wsgi_server: gunicorn
ara_api_wsgi_server: gunicorn
roles:
- ara
- ara_api
Install ARA and set up the API to be served by nginx in front of gunicorn::
@ -84,14 +81,14 @@ Install ARA and set up the API to be served by nginx in front of gunicorn::
hosts: all
gather_facts: yes
vars:
ansible_python_interpreter: /usr/bin/python3
ara_web_server: nginx
ara_wsgi_server: gunicorn
ara_api_frontend_server: nginx
ara_api_wsgi_server: gunicorn
ara_api_fqdn: api.ara.example.org
ara_allowed_hosts:
ara_api_allowed_hosts:
- api.ara.example.org
ara_api_frontend_vhost: custom_vhost.conf.j2
roles:
- ara
- ara_api
Copyright
---------

78
roles/ara/defaults/main.yaml → roles/ara_api/defaults/main.yaml
View File

@ -17,55 +17,59 @@
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
# Root directories in which data, configuration and logs will be stored
ara_root_dir: "{{ ansible_user_dir }}/.ara" # git repos, virtualenvs, sqlite db
ara_log_dir: "{{ ara_root_dir }}/logs" # logs
ara_api_root_dir: "{{ ansible_user_dir }}/.ara" # git repos, virtualenvs, sqlite db
ara_api_log_dir: "{{ ara_api_root_dir }}/logs" # logs
# Whether or not ara should be installed in a virtual environment.
# Running ara in a virtualenv is recommended to avoid conflicting with
# system-wide python packages.
ara_venv: true
ara_api_venv: true
# When using a virtualenv, location where it will be installed
ara_venv_path: "{{ ara_root_dir }}/virtualenv"
ara_api_venv_path: "{{ ara_api_root_dir }}/virtualenv"
# How ara will be installed
# source (default): installs from a local or remote git repository specified by ara_source
# source (default): installs from a local or remote git repository specified by ara_api_source
# pypi (planned): installs from pypi
ara_install_method: source
ara_api_install_method: source
# The source where the git repository can be cloned from.
# Can be an URL to a git repository or the path to a local repository on disk.
ara_source: "https://git.openstack.org/openstack/ara"
ara_api_source: "https://git.openstack.org/openstack/ara"
# Location where ara will be checked out when installing from source
ara_source_checkout: "{{ ara_root_dir }}/git/ara"
ara_api_source_checkout: "{{ ara_api_root_dir }}/git/ara"
# Version of ara to install
# This can be a git ref (tag, branch, commit) when installing from source or
# it can be a version number released to PyPi.
# When using "latest" as the source version, HEAD will be used
# When using "latest" as the pypi version, the latest release will be used
ara_install_version: feature/1.0
ara_api_version: feature/1.0
# The web server for serving the ARA API
# The frontend/web server for serving the ARA API
# It is recommended to specify a web server when deploying a production environment.
# API browser.
# - none (null - default)
# - nginx (recommended)
# - apache (planned)
ara_web_server: null
ara_api_frontend_server: null
# When using a frontend server, you can override the default vhost configuration
# template by specifying the path to your own template file.
ara_api_frontend_vhost: null
# The WSGI server for running ARA's API server
# - none (null - default)
# - gunicorn (recommended)
# - uwsgi (planned)
# - mod_wsgi (planned)
ara_wsgi_server: null
ara_api_wsgi_server: null
# Address and port on which the wsgi server will bind
# Changing this value means you might need to adjust "ara_allowed_hosts" and
# "ara_cors_origin_whitelist".
ara_wsgi_bind: "127.0.0.1:8000"
# Changing this value means you might need to adjust "ara_api_allowed_hosts" and
# "ara_api_cors_origin_whitelist".
ara_api_wsgi_bind: "127.0.0.1:8000"
# When using a web server, the domain it will be listening on
ara_api_fqdn: "{{ ansible_default_ipv4['address'] }}"
@ -76,19 +80,19 @@ ara_api_fqdn: "{{ ansible_default_ipv4['address'] }}"
####################################
# ARA_BASE_DIR - Default directory for storing data and configuration
ara_base_dir: "{{ ara_root_dir }}/server"
ara_api_base_dir: "{{ ara_api_root_dir }}/server"
# ARA_SETTINGS - Path to an ARA API configuration file
ara_settings: "{{ ara_base_dir }}/settings.yaml"
ara_api_settings: "{{ ara_api_base_dir }}/settings.yaml"
# ARA_ENV - Environment to load configuration for
ara_env: default
ara_api_env: default
# ARA_LOG_LEVEL - Log level of the different components
ara_log_level: INFO
ara_api_log_level: INFO
# ARA_LOGGING - Python logging configuration
ara_logging:
ara_api_logging:
disable_existing_loggers: false
formatters:
normal:
@ -97,33 +101,33 @@ ara_logging:
console:
class: logging.handlers.TimedRotatingFileHandler
formatter: normal
level: "{{ ara_log_level }}"
filename: "{{ ara_log_dir }}/server.log"
level: "{{ ara_api_log_level }}"
filename: "{{ ara_api_log_dir }}/server.log"
when: 'midnight'
interval: 1
backupCount: 30
loggers:
ara:
handlers:
- console
level: "{{ ara_log_level }}"
- console
level: "{{ ara_api_log_level }}"
propagate: 0
root:
handlers:
- console
level: "{{ ara_log_level }}"
- console
level: "{{ ara_api_log_level }}"
version: 1
# ARA_CORS_ORIGIN_ALLOW_ALL - django-cors-headerss CORS_ORIGIN_WHITELIST_ALLOW_ALL setting
ara_cors_origin_allow_all: false
ara_api_cors_origin_allow_all: false
# ARA_CORS_ORIGIN_WHITELIST - django-cors-headerss CORS_ORIGIN_WHITELIST setting
ara_cors_origin_whitelist:
ara_api_cors_origin_whitelist:
- "127.0.0.1:8000"
- "localhost:3000"
# ARA_SERVER_ALLOWED_HOSTS - Djangos ALLOWED_HOSTS setting
ara_allowed_hosts:
ara_api_allowed_hosts:
- "127.0.0.1"
- "localhost"
- "::1"
@ -131,26 +135,26 @@ ara_allowed_hosts:
# ARA_DEBUG - Django's DEBUG setting
# It is not recommended to run with debug enabled in production.
ara_debug: false
ara_api_debug: false
# ARA_SECRET_KEY - Django's SECRET_KEY setting
# Note: If no key is provided, a random one will be generated once and persisted
ara_secret_key: null
ara_api_secret_key: null
# ARA_DATABASE_ENGINE - Djangos ENGINE database setting
ara_database_engine: django.db.backends.sqlite3
ara_api_database_engine: django.db.backends.sqlite3
# ARA_DATABASE_NAME - Djangos NAME database setting
ara_database_name: "{{ ara_base_dir }}/ansible.sqlite"
ara_api_database_name: "{{ ara_api_base_dir }}/ansible.sqlite"
# ARA_DATABASE_USER - Djangos USER database setting
ara_database_user: null
ara_api_database_user: null
# ARA_DATABASE_PASSWORD - Djangos PASSWORD database setting
ara_database_password: null
ara_api_database_password: null
# ARA_DATABASE_HOST - Djangos HOST database setting
ara_database_host: null
ara_api_database_host: null
# ARA_DATABASE_PORT - Djangos PORT database setting
ara_database_port: null
ara_api_database_port: null

7
roles/ara/handlers/main.yaml → roles/ara_api/handlers/main.yaml
View File

@ -16,13 +16,6 @@
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: restart nginx
become: yes
service:
name: nginx
state: restarted
when: ara_nginx_enabled is not changed
- name: restart ara-api
become: yes
service:

0
roles/ara/meta/main.yaml → roles/ara_api/meta/main.yaml
View File

48
roles/ara/tasks/config.yaml → roles/ara_api/tasks/config.yaml
View File

@ -18,17 +18,17 @@
- name: Verify if a configuration file exists
stat:
path: "{{ ara_settings }}"
path: "{{ ara_api_settings }}"
register: settings_stat
# If no secret key has been provided and this isn't the first time we are
# running, recover the secret key from the existing configuration file.
- when:
- ara_secret_key is none
- ara_api_secret_key is none
- settings_stat.stat.exists
block:
- name: Read the configuration file
command: cat "{{ ara_settings }}"
- name: Read the existing configuration file
command: cat "{{ ara_api_settings }}"
changed_when: false
no_log: yes
register: settings_contents
@ -37,14 +37,14 @@
vars:
config: "{{ settings_contents.stdout | from_yaml }}"
set_fact:
ara_secret_key: "{{ config[ara_env]['SECRET_KEY'] }}"
ara_api_secret_key: "{{ config[ara_api_env]['SECRET_KEY'] }}"
no_log: yes
# If no secret key has been provided and this is the first time we are
# running, generate a new random secret key that will be persisted in the
# configuration file.
- when:
- ara_secret_key is none
- ara_api_secret_key is none
- not settings_stat.stat.exists
block:
- name: Generate a random secret key
@ -54,33 +54,33 @@
no_log: yes
register: generated_key
- name: Set ara_secret_key
- name: Set ara_api_secret_key
set_fact:
ara_secret_key: "{{ generated_key.stdout }}"
ara_api_secret_key: "{{ generated_key.stdout }}"
no_log: yes
# Put configuration in a format we can write to a file
- name: Reconcile configuration
vars:
reconciled_configuration:
ALLOWED_HOSTS: "{{ ara_allowed_hosts }}"
BASE_DIR: "{{ ara_base_dir }}"
CORS_ORIGIN_ALLOW_ALL: "{{ ara_cors_origin_allow_all }}"
CORS_ORIGIN_WHITELIST: "{{ ara_cors_origin_whitelist }}"
ALLOWED_HOSTS: "{{ ara_api_allowed_hosts }}"
BASE_DIR: "{{ ara_api_base_dir }}"
CORS_ORIGIN_ALLOW_ALL: "{{ ara_api_cors_origin_allow_all }}"
CORS_ORIGIN_WHITELIST: "{{ ara_api_cors_origin_whitelist }}"
DATABASES:
default:
ENGINE: "{{ ara_database_engine }}"
NAME: "{{ ara_database_name }}"
USER: "{{ ara_database_user }}"
PASSWORD: "{{ ara_database_password }}"
HOST: "{{ ara_database_host }}"
PORT: "{{ ara_database_port }}"
DEBUG: "{{ ara_debug }}"
LOGGING: "{{ ara_logging }}"
LOG_LEVEL: "{{ ara_log_level }}"
SECRET_KEY: "{{ ara_secret_key }}"
ENGINE: "{{ ara_api_database_engine }}"
NAME: "{{ ara_api_database_name }}"
USER: "{{ ara_api_database_user }}"
PASSWORD: "{{ ara_api_database_password }}"
HOST: "{{ ara_api_database_host }}"
PORT: "{{ ara_api_database_port }}"
DEBUG: "{{ ara_api_debug }}"
LOGGING: "{{ ara_api_logging }}"
LOG_LEVEL: "{{ ara_api_log_level }}"
SECRET_KEY: "{{ ara_api_secret_key }}"
set_fact:
ara_api_configuration: "{'{{ ara_env }}': {{ reconciled_configuration }} }"
ara_api_configuration: "{'{{ ara_api_env }}': {{ reconciled_configuration }} }"
no_log: yes
- name: Set up the ARA API configuration file
@ -89,7 +89,7 @@
---
# Managed by the ara Ansible role
{{ ara_api_configuration | to_nice_yaml(indent=2) }}
dest: "{{ ara_settings }}"
dest: "{{ ara_api_settings }}"
mode: 0750
notify:
- restart ara-api

8
roles/ara/tasks/database_engine/django.db.backends.sqlite3.yaml → roles/ara_api/tasks/database_engine/django.db.backends.sqlite3.yaml
View File

@ -17,14 +17,14 @@
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Ensure the database directory exists
become: "{{ (ansible_user_dir in ara_database_name) | ternary(false, true) }}"
become: "{{ (ansible_user_dir in ara_api_database_name) | ternary(false, true) }}"
file:
path: "{{ ara_database_name | dirname }}"
path: "{{ ara_api_database_name | dirname }}"
state: directory
- name: Run SQL migrations
become: "{{ (ansible_user_dir in ara_database_name) | ternary(false, true) }}"
become: "{{ (ansible_user_dir in ara_api_database_name) | ternary(false, true) }}"
environment:
ARA_SETTINGS: "{{ ara_settings }}"
ARA_SETTINGS: "{{ ara_api_settings }}"
PATH: "{{ path_with_virtualenv | default(omit) }}"
command: ara-manage migrate

14
roles/ara/tasks/install/source.yaml → roles/ara_api/tasks/install/source.yaml
View File

@ -18,18 +18,18 @@
- name: Prepare git repository for ara
git:
repo: "{{ ara_source }}"
dest: "{{ ara_source_checkout }}"
version: "{{ (ara_install_version == 'latest') | ternary('HEAD', ara_install_version) }}"
repo: "{{ ara_api_source }}"
dest: "{{ ara_api_source_checkout }}"
version: "{{ (ara_api_version == 'latest') | ternary('HEAD', ara_api_version) }}"
- name: Install ara
pip:
name: "{{ ara_source_checkout }}"
name: "{{ ara_api_source_checkout }}"
state: present
virtualenv: "{{ ara_venv | bool | ternary(ara_venv_path, omit) }}"
virtualenv: "{{ ara_api_venv | bool | ternary(ara_api_venv_path, omit) }}"
virtualenv_python: python3
- name: Prefix the virtualenv bin directory to PATH
set_fact:
path_with_virtualenv: "{{ ara_venv_path }}/bin:{{ ansible_env.PATH }}"
when: ara_venv | bool
path_with_virtualenv: "{{ ara_api_venv_path }}/bin:{{ ansible_env.PATH }}"
when: ara_api_venv | bool

13
roles/ara/tasks/main.yaml → roles/ara_api/tasks/main.yaml
View File

@ -26,17 +26,18 @@
include_tasks: pre-requirements.yaml
- name: Include installation of ARA
include_tasks: "install/{{ ara_install_method }}.yaml"
include_tasks: "install/{{ ara_api_install_method }}.yaml"
- name: Include configuration of the ARA API
include_tasks: config.yaml
- name: Include configuration of the database engine
include_tasks: "database_engine/{{ ara_database_engine }}.yaml"
include_tasks: "database_engine/{{ ara_api_database_engine }}.yaml"
- name: Include installation of the WSGI backend server
include_tasks: "wsgi_server/{{ ara_wsgi_server }}.yaml"
include_tasks: "wsgi_server/{{ ara_api_wsgi_server }}.yaml"
- name: Include installation of the web server
include_tasks: "web_server/{{ ara_web_server }}.yaml"
when: ara_web_server is not none
- name: Include installation of the frontend server
include_role:
name: "ara_frontend_{{ ara_api_frontend_server }}"
when: ara_api_frontend_server is not none

24
roles/ara/tasks/pre-requirements.yaml → roles/ara_api/tasks/pre-requirements.yaml
View File

@ -36,15 +36,15 @@
- name: Retrieve list of missing required packages
set_fact:
ara_missing_packages: "{{ ara_required_packages | difference(ansible_facts.packages.keys()) }}"
ara_api_missing_packages: "{{ ara_api_required_packages | difference(ansible_facts.packages.keys()) }}"
# Only attempt to elevate privileges if there are any missing packages
- when: ara_missing_packages | length > 0
- when: ara_api_missing_packages | length > 0
block:
- name: Install required packages
become: yes
package:
name: "{{ ara_required_packages }}"
name: "{{ ara_api_required_packages }}"
state: present
rescue:
- name: Fail due to missing packages
@ -53,23 +53,23 @@
# The following tasks dynamically enable escalated privileges only when the
# directory to create is not located in the user's home directory.
- name: Ensure ara_root_dir exists
become: "{{ (ansible_user_dir in ara_root_dir) | ternary(false, true) }}"
- name: Ensure ara_api_root_dir exists
become: "{{ (ansible_user_dir in ara_api_root_dir) | ternary(false, true) }}"
file:
path: "{{ ara_root_dir }}"
path: "{{ ara_api_root_dir }}"
state: directory
mode: 0755
- name: Ensure ara_base_dir exists
become: "{{ (ansible_user_dir in ara_base_dir) | ternary(false, true) }}"
- name: Ensure ara_api_base_dir exists
become: "{{ (ansible_user_dir in ara_api_base_dir) | ternary(false, true) }}"
file:
path: "{{ ara_base_dir }}"
path: "{{ ara_api_base_dir }}"
state: directory
mode: 0750
- name: Ensure ara_log_dir exists
become: "{{ (ansible_user_dir in ara_log_dir) | ternary(false, true) }}"
- name: Ensure ara_api_log_dir exists
become: "{{ (ansible_user_dir in ara_api_log_dir) | ternary(false, true) }}"
file:
path: "{{ ara_log_dir }}"
path: "{{ ara_api_log_dir }}"
state: directory
mode: 0750

2
roles/ara/tasks/wsgi_server/gunicorn.yaml → roles/ara_api/tasks/wsgi_server/gunicorn.yaml
View File

@ -20,7 +20,7 @@
pip:
name: gunicorn
state: present
virtualenv: "{{ ara_venv | bool | ternary(ara_venv_path, omit) }}"
virtualenv: "{{ ara_api_venv | bool | ternary(ara_api_venv_path, omit) }}"
virtualenv_python: python3
- become: yes

10
roles/ara/templates/ara-api.service.j2 → roles/ara_api/templates/ara-api.service.j2
View File

@ -6,12 +6,12 @@ After=network.target
PIDFile=/run/ara-api/pid
User={{ ansible_user }}
RuntimeDirectory=ara-api
WorkingDirectory={{ ara_root_dir }}
Environment=ARA_SETTINGS={{ ara_settings }}
{% if ara_venv %}
ExecStart={{ ara_venv_path }}/bin/gunicorn --pid /run/ara-api/pid --workers=4 --bind {{ ara_wsgi_bind }} ara.server.wsgi
WorkingDirectory={{ ara_api_root_dir }}
Environment=ARA_SETTINGS={{ ara_api_settings }}
{% if ara_api_venv %}
ExecStart={{ ara_api_venv_path }}/bin/gunicorn --pid /run/ara-api/pid --workers=4 --bind {{ ara_api_wsgi_bind }} ara.server.wsgi
{% else %}
ExecStart=gunicorn --pid /run/ara-api/pid --workers=4 --bind {{ ara_wsgi_bind }} ara.server.wsgi
ExecStart=gunicorn --pid /run/ara-api/pid --workers=4 --bind {{ ara_api_wsgi_bind }} ara.server.wsgi
{% endif %}
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

6
roles/ara/vars/Fedora.yaml → roles/ara_api/vars/Fedora.yaml
View File

@ -16,12 +16,8 @@
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
ara_required_packages:
ara_api_required_packages:
- git
- python3-virtualenv
- python3-libselinux
- policycoreutils-python-utils
ara_nginx_user: nginx
ara_nginx_group: nginx
ara_nginx_config_path: /etc/nginx/conf.d

21
roles/ara_api/vars/Ubuntu.yaml Normal file
View File

@ -0,0 +1,21 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
ara_api_required_packages:
- git
- python3-venv

56
roles/ara_frontend_nginx/README.rst Normal file
View File

@ -0,0 +1,56 @@
ansible-role-ara-frontend-nginx
===============================
A role for deploying a minimal installation of nginx for ara-api and ara-web.
This role is not meant to be used on it's own, it should be included by the
``ara_api`` and ``ara_web`` roles in order to have the necessary variables
available.
It is currently tested and supported against Ubuntu 18.04 and Fedora 29.
Role Variables
--------------
- ``ara_api_frontend_vhost``: Path to a custom nginx vhost configuration file for ara-api.
Example playbook
----------------
Install ARA and set up the API to be served by nginx with a custom vhost configuration
in front of gunicorn::
# Requires superuser privileges to set up nginx and the ara-api service
# The API will be reachable at http://api.ara.example.org
- name: Install ARA and set up the API to be served by nginx in front of gunicorn
hosts: all
gather_facts: yes
vars:
ara_api_frontend_server: nginx
ara_api_wsgi_server: gunicorn
ara_api_fqdn: api.ara.example.org
ara_api_allowed_hosts:
- api.ara.example.org
ara_api_frontend_vhost: custom_vhost.conf.j2
roles:
- ara_api
Copyright
---------
::
Copyright (c) 2019 Red Hat, Inc.
ARA Records Ansible is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
ARA Records Ansible is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.

24
roles/ara_frontend_nginx/handlers/main.yaml Normal file
View File

@ -0,0 +1,24 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: restart nginx
become: yes
service:
name: nginx
state: restarted
when: ara_nginx_enabled is not changed

11
roles/ara/tasks/web_server/nginx.yaml → roles/ara_frontend_nginx/tasks/main.yaml
View File

@ -16,6 +16,12 @@
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Include OS family/distribution specific variables
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- become: yes
block:
- name: Install nginx
@ -32,10 +38,13 @@
- name: Set up the ARA API nginx vhost
template:
src: "{{ ara_nginx_api_vhost | default('nginx-ara-api.conf.j2') }}"
src: "{{ ara_api_frontend_vhost | default('ara-api.conf.j2') }}"
dest: "{{ ara_nginx_config_path }}/ara-api.conf"
notify:
- restart nginx
when:
- ara_api_fqdn is defined
- ara_api_wsgi_bind is defined
- name: Enable the nginx configuration on Debian-like systems
file:

2
roles/ara/templates/nginx-ara-api.conf.j2 → roles/ara_frontend_nginx/templates/ara-api.conf.j2
View File

@ -1,7 +1,7 @@
upstream ara_api {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
server {{ ara_wsgi_bind }} fail_timeout=0;
server {{ ara_api_wsgi_bind }} fail_timeout=0;
}
server {

21
roles/ara_frontend_nginx/vars/Fedora.yaml Normal file
View File

@ -0,0 +1,21 @@
---
# Copyright (c) 2019 Red Hat, Inc.
#
# This file is part of ARA Records Ansible.
#
# ARA Records Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ARA Records Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
ara_nginx_user: nginx
ara_nginx_group: nginx
ara_nginx_config_path: /etc/nginx/conf.d

4
roles/ara/vars/Ubuntu.yaml → roles/ara_frontend_nginx/vars/Ubuntu.yaml
View File

@ -16,10 +16,6 @@
# You should have received a copy of the GNU General Public License
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
ara_required_packages:
- git
- python3-venv
ara_nginx_user: www-data
ara_nginx_group: www-data
ara_nginx_config_path: /etc/nginx/sites-available