Refactor installation, configuration and web server implementation
- Nest configuration defaults under a single dictionary - Split webserver configuration in different trees - Set up a user for ARA (consistent with packaging) - Embedded service now runs under the ara user - We no longer need or expect /var/www/ara - Configuration is now in /etc/ara - Database is now in /var/lib/ara - Logs are now in /var/log/ara - Embedded service now relies on /etc/ara/ara.cfg for configuration - Use ini_file instead of a template for ara.cfg Change-Id: I64e13c5c35e31245f95c85aeeaf4e4b5acda0924
This commit is contained in:
parent
7b2d04f850
commit
11fd3ad042
|
@ -13,21 +13,23 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# Default paths where an ansible.cfg file is expected
|
||||
default_embedded_config_path: "{{ lookup('env','HOME') }}"
|
||||
default_wsgi_config_path: "/var/www/ara"
|
||||
|
||||
# Override the path where an ansible.cfg file will be used
|
||||
# config_path:
|
||||
|
||||
# Host to listen on for embedded server or apache
|
||||
ara_host: "{{ ansible_default_ipv4.address }}"
|
||||
|
||||
# Port to listen on for embedded server or apache
|
||||
ara_port: "9191"
|
||||
|
||||
# To deploy with apache server, set use_apache_server to True
|
||||
# When use_apache_server is False, the deployment will use embedded
|
||||
# server
|
||||
use_apache_server: False
|
||||
|
||||
ara:
|
||||
config:
|
||||
database: "sqlite:////var/lib/ara/ansible.sqlite"
|
||||
# Host to listen on for embedded server, apache or nginx
|
||||
host: "{{ ansible_default_ipv4.address }}"
|
||||
# Port to listen on for embedded server or apache
|
||||
port: 9191
|
||||
# Root (or prefix) for the web application location
|
||||
application_root: /
|
||||
# Directory where files are stored by default
|
||||
dir: /var/lib/ara
|
||||
# Path to the logging configuration
|
||||
logconfig: /etc/ara/logging.yml
|
||||
# Where logs are located
|
||||
logfile: /var/log/ara/ara.log
|
||||
deployment:
|
||||
# Server (apache, embedded, nginx)
|
||||
server: embedded
|
||||
# Type (mod_wsgi, standalone, embedded-proxy, etc.)
|
||||
type: standalone
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
- name: Install required dependencies for mod_wsgi
|
||||
become: true
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: "present"
|
||||
with_items: "{{ required_wsgi_packages }}"
|
||||
|
||||
- name: Get status of selinux
|
||||
become: true
|
||||
command: getenforce
|
||||
register: selinux_status
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- name: Set selinux boolean to allow Apache to manage the files
|
||||
become: true
|
||||
seboolean:
|
||||
name: httpd_unified
|
||||
state: yes
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
- selinux_status.stdout == "Enforcing"
|
||||
|
||||
- name: Get the location of the WSGI script
|
||||
command: which ara-wsgi
|
||||
register: wsgi_location
|
||||
changed_when: false
|
||||
|
||||
- name: Set the location of the WSGI script
|
||||
set_fact:
|
||||
wsgi_script: "{{ wsgi_location.stdout }}"
|
||||
|
||||
- name: Set up Apache configuration
|
||||
become: true
|
||||
template:
|
||||
src: apache_mod_wsgi.conf.j2
|
||||
dest: "{{ apache_config_path }}/ara.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify:
|
||||
- restart apache
|
||||
|
||||
- name: Ensure Apache server is started
|
||||
become: true
|
||||
systemd:
|
||||
state: started
|
||||
name: "{{ apache_service }}"
|
||||
enabled: true
|
||||
|
||||
- name: Ensure the configuration is enabled
|
||||
become: true
|
||||
command: a2ensite ara
|
||||
when: ansible_os_family == "Debian"
|
||||
notify:
|
||||
- restart apache
|
|
@ -1,64 +0,0 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install required dependencies for mod_wsgi
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: "present"
|
||||
with_items: "{{ required_wsgi_packages }}"
|
||||
|
||||
- name: Get status of selinux
|
||||
command: getenforce
|
||||
register: selinux_status
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- name: Set selinux boolean to allow Apache to manage the files
|
||||
seboolean:
|
||||
name: httpd_unified
|
||||
state: yes
|
||||
when:
|
||||
- ansible_os_family == "RedHat"
|
||||
- selinux_status.stdout == "Enforcing"
|
||||
|
||||
- name: Set ara_config_path when using mod_wsgi
|
||||
set_fact:
|
||||
ara_config_path: "{{ config_path | default(default_wsgi_config_path) }}"
|
||||
|
||||
- name: Ensure configuration directory for Ansible and ARA exists
|
||||
file:
|
||||
path: "{{ ara_config_path }}"
|
||||
owner: "{{ apache_user }}"
|
||||
group: "{{ apache_group }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
|
||||
- name: Create default configuration file if one does not exist
|
||||
template:
|
||||
src: templates/ansible.cfg.j2
|
||||
dest: "{{ ara_config_path }}/ansible.cfg"
|
||||
force: no
|
||||
|
||||
- name: Copy ARA WSGI script to the config path
|
||||
shell: cp -p $(which ara-wsgi) {{ ara_config_path }}
|
||||
|
||||
- name: Set up Apache configuration
|
||||
template:
|
||||
src: templates/ara.conf.j2
|
||||
dest: "{{ apache_config_path }}/ara.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify:
|
||||
- restart apache
|
||||
|
||||
- name: Ensure Apache server is started
|
||||
systemd:
|
||||
state: started
|
||||
name: "{{ apache_service }}"
|
||||
enabled: true
|
||||
|
||||
- name: Ensure the configuration is enabled
|
||||
command: a2ensite ara
|
||||
when: ansible_os_family == "Debian"
|
||||
notify:
|
||||
- restart apache
|
||||
become: true
|
|
@ -0,0 +1,26 @@
|
|||
- name: Get the location of ara-manage
|
||||
command: which ara-manage
|
||||
register: ara_manage
|
||||
changed_when: false
|
||||
|
||||
- name: Copy systemd service template
|
||||
become: true
|
||||
template:
|
||||
src: templates/ara_service.conf.j2
|
||||
dest: /etc/systemd/system/ara.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify:
|
||||
- reload systemctl daemon
|
||||
- restart ara
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
|
||||
- name: Ensure the embedded server service is started and enabled
|
||||
become: true
|
||||
systemd:
|
||||
name: ara
|
||||
state: started
|
||||
enabled: yes
|
|
@ -1,42 +0,0 @@
|
|||
- block:
|
||||
- name: Set ara_config_path when using embedded_server
|
||||
set_fact:
|
||||
ara_config_path: "{{ config_path | default(default_embedded_config_path) }}"
|
||||
|
||||
- name: Ensure configuration directory for ARA exists
|
||||
file:
|
||||
path: "{{ ara_config_path }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
|
||||
- name: Create default configuration file if one does not exist
|
||||
template:
|
||||
src: templates/ansible.cfg.j2
|
||||
dest: "{{ ara_config_path }}/ansible.cfg"
|
||||
force: no
|
||||
|
||||
- name: Get the location of ara-manage
|
||||
command: which ara-manage
|
||||
register: ara_manage
|
||||
changed_when: false
|
||||
|
||||
- name: Copy systemd service template
|
||||
template:
|
||||
src: templates/ara-service.conf.j2
|
||||
dest: /etc/systemd/system/ara.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify:
|
||||
- reload systemctl daemon
|
||||
- restart ara
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
|
||||
- name: Ensure the embedded server service is started and enabled
|
||||
systemd:
|
||||
name: ara
|
||||
state: started
|
||||
enabled: yes
|
||||
become: true
|
|
@ -20,48 +20,85 @@
|
|||
- "{{ ansible_os_family }}.yml"
|
||||
|
||||
- name: Install required dependencies
|
||||
become: true
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: "present"
|
||||
with_items: "{{ required_packages }}"
|
||||
become: true
|
||||
|
||||
- name: Install pip
|
||||
become: true
|
||||
easy_install:
|
||||
name: pip
|
||||
state: present
|
||||
become: true
|
||||
|
||||
- name: Install ARA with pip
|
||||
become: true
|
||||
pip:
|
||||
name: ara
|
||||
state: present
|
||||
|
||||
- name: Create user for ARA
|
||||
become: true
|
||||
user:
|
||||
name: ara
|
||||
comment: User for ARA Records Ansible
|
||||
shell: /sbin/nologin
|
||||
home: /var/lib/ara
|
||||
|
||||
- include_tasks: apache_server.yml
|
||||
when: use_apache_server
|
||||
- name: Create ARA directories
|
||||
become: true
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: ara
|
||||
group: ara
|
||||
mode: 0750
|
||||
with_items:
|
||||
- /var/log/ara
|
||||
- /var/lib/ara
|
||||
- /etc/ara
|
||||
|
||||
- include_tasks: embedded_server.yaml
|
||||
when: not use_apache_server
|
||||
- name: Create the ARA configuration file
|
||||
become: true
|
||||
ini_file:
|
||||
path: /etc/ara/ara.cfg
|
||||
section: ara
|
||||
option: "{{ item.key }}"
|
||||
value: "{{ item.value }}"
|
||||
create: yes
|
||||
owner: ara
|
||||
group: ara
|
||||
mode: 0640
|
||||
with_dict: "{{ ara.config }}"
|
||||
notify:
|
||||
- restart ara
|
||||
|
||||
- name: Get ARA installed location
|
||||
shell: python -c "import os,ara; print(os.path.dirname(ara.__file__))"
|
||||
register: ara_location
|
||||
changed_when: false
|
||||
|
||||
- name: Enable ARA callback plugin
|
||||
ini_file:
|
||||
dest: "{{ ara_config_path }}/ansible.cfg"
|
||||
section: defaults
|
||||
option: callback_plugins
|
||||
value: "{{ ara_location.stdout }}/plugins/callbacks"
|
||||
- name: Enable ARA Ansible configuration
|
||||
become: true
|
||||
ini_file:
|
||||
dest: /etc/ara/ara.cfg
|
||||
section: defaults
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
with_items:
|
||||
- { option: local_tmp, value: /var/lib/ara/.ansible/ }
|
||||
- { option: callback_plugins, value: "{{ ara_location.stdout }}/plugins/callbacks" }
|
||||
- { option: action_plugins, value: "{{ ara_location.stdout }}/plugins/actions" }
|
||||
|
||||
- name: Include web server configuration
|
||||
include_tasks: "{{ ara.deployment.server }}/{{ ara.deployment.type }}.yml"
|
||||
|
||||
- name: Provide web application URL
|
||||
vars:
|
||||
msg: >-
|
||||
ARA was installed succesfully !
|
||||
The web application should now be reachable at http://{{ ara_host }}:{{ ara_port }} !
|
||||
The web application should now be reachable at http://{{ ara.config.host }}:{{ ara.config.port }} !
|
||||
To customize the host and port on which the application listens to, override the defaults for the ara_host and ara_port variables.
|
||||
Data from recorded playbooks will be available in the interface as soon as you run your first ansible-playbook command.
|
||||
debug:
|
||||
|
@ -70,10 +107,11 @@
|
|||
- name: Provide instructions
|
||||
vars:
|
||||
msg: >-
|
||||
We've set up an ansible.cfg file for you inside {{ ara_config_path }}.
|
||||
Make sure to have Ansible and ARA use it for everything to work properly.
|
||||
We've set up a configuration file for you in /etc/ara/ara.cfg.
|
||||
The ARA service is already using this configuration but you'll need to make sure Ansible is using it so that Ansible knows where ARA is located.
|
||||
|
||||
This can be done from using Ansible or the ARA CLI commands directly from that directory or by using the ANSIBLE_CONFIG environment variable, like so:
|
||||
export ANSIBLE_CONFIG={{ ara_config_path }}/ansible.cfg
|
||||
export ANSIBLE_CONFIG=/etc/ara/ara.cfg
|
||||
ansible-playbook playbook.yml
|
||||
debug:
|
||||
msg: "{{ msg.split('\n') }}"
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
[defaults]
|
||||
# This directory is required to store temporary files for Ansible and ARA
|
||||
local_tmp = {{ ara_config_path }}/.ansible/tmp
|
||||
|
||||
[ara]
|
||||
# This will default the database and logs location to be inside that directory.
|
||||
dir = {{ ara_config_path }}/.ara
|
|
@ -0,0 +1,21 @@
|
|||
<VirtualHost *:80>
|
||||
ServerName {{ ara.config.host }}
|
||||
|
||||
ErrorLog {{ apache_log_path }}/ara-error.log
|
||||
LogLevel warn
|
||||
CustomLog {{ apache_log_path }}/ara-access.log combined
|
||||
|
||||
<Directory "{{ wsgi_script | dirname }}">
|
||||
<Files "ara-wsgi">
|
||||
Allow from all
|
||||
Satisfy Any
|
||||
</Files>
|
||||
</Directory>
|
||||
|
||||
WSGIDaemonProcess ara user=ara group=ara processes=1 threads=4
|
||||
WSGIScriptAlias {{ ara.config.application_root }} {{ wsgi_script }}
|
||||
WSGIProcessGroup ara
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
|
||||
SetEnv ANSIBLE_CONFIG /etc/ara/ara.cfg
|
||||
</VirtualHost>
|
|
@ -1,18 +0,0 @@
|
|||
<VirtualHost *:{{ ara_port }}>
|
||||
ServerName {{ ara_host }}
|
||||
|
||||
ErrorLog {{ apache_log_path }}/ara-error.log
|
||||
LogLevel warn
|
||||
CustomLog {{ apache_log_path }}/ara-access.log combined
|
||||
|
||||
WSGIDaemonProcess ara user={{ apache_user }} group={{ apache_group }} processes=1 threads=4
|
||||
WSGIScriptAlias / /var/www/ara/ara-wsgi
|
||||
|
||||
SetEnv ANSIBLE_CONFIG {{ ara_config_path }}
|
||||
|
||||
<Directory /var/www/ara>
|
||||
WSGIProcessGroup ara
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
</VirtualHost>
|
|
@ -1,5 +1,6 @@
|
|||
[Unit]
|
||||
Description=ARA
|
||||
Documentation=https://github.com/openstack/ara
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
|
@ -8,7 +9,10 @@ TimeoutStartSec=0
|
|||
Restart=on-failure
|
||||
RestartSec=10
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ ara_manage.stdout }} runserver -h {{ ara_host }} -p {{ ara_port }}
|
||||
User=ara
|
||||
Group=ara
|
||||
Environment=ANSIBLE_CONFIG=/etc/ara/ara.cfg
|
||||
ExecStart={{ ara_manage.stdout }} runserver
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in New Issue