Refactor installation, configuration and web server implementation

- Nest configuration defaults under a single dictionary
- Split webserver configuration in different trees
- Set up a user for ARA (consistent with packaging)
- Embedded service now runs under the ara user
- We no longer need or expect /var/www/ara
- Configuration is now in /etc/ara
- Database is now in /var/lib/ara
- Logs are now in /var/log/ara
- Embedded service now relies on /etc/ara/ara.cfg for configuration
- Use ini_file instead of a template for ara.cfg

Change-Id: I64e13c5c35e31245f95c85aeeaf4e4b5acda0924
This commit is contained in:
David Moreau Simard 2018-04-25 08:57:29 -04:00
parent 7b2d04f850
commit 11fd3ad042
No known key found for this signature in database
GPG Key ID: 33A07694CBB71ECC
10 changed files with 181 additions and 166 deletions

View File

@ -13,21 +13,23 @@
# License for the specific language governing permissions and limitations
# under the License.
# Default paths where an ansible.cfg file is expected
default_embedded_config_path: "{{ lookup('env','HOME') }}"
default_wsgi_config_path: "/var/www/ara"
# Override the path where an ansible.cfg file will be used
# config_path:
# Host to listen on for embedded server or apache
ara_host: "{{ ansible_default_ipv4.address }}"
# Port to listen on for embedded server or apache
ara_port: "9191"
# To deploy with apache server, set use_apache_server to True
# When use_apache_server is False, the deployment will use embedded
# server
use_apache_server: False
ara:
config:
database: "sqlite:////var/lib/ara/ansible.sqlite"
# Host to listen on for embedded server, apache or nginx
host: "{{ ansible_default_ipv4.address }}"
# Port to listen on for embedded server or apache
port: 9191
# Root (or prefix) for the web application location
application_root: /
# Directory where files are stored by default
dir: /var/lib/ara
# Path to the logging configuration
logconfig: /etc/ara/logging.yml
# Where logs are located
logfile: /var/log/ara/ara.log
deployment:
# Server (apache, embedded, nginx)
server: embedded
# Type (mod_wsgi, standalone, embedded-proxy, etc.)
type: standalone

55
tasks/apache/mod_wsgi.yml Normal file
View File

@ -0,0 +1,55 @@
- name: Install required dependencies for mod_wsgi
become: true
package:
name: "{{ item }}"
state: "present"
with_items: "{{ required_wsgi_packages }}"
- name: Get status of selinux
become: true
command: getenforce
register: selinux_status
when: ansible_os_family == "RedHat"
- name: Set selinux boolean to allow Apache to manage the files
become: true
seboolean:
name: httpd_unified
state: yes
when:
- ansible_os_family == "RedHat"
- selinux_status.stdout == "Enforcing"
- name: Get the location of the WSGI script
command: which ara-wsgi
register: wsgi_location
changed_when: false
- name: Set the location of the WSGI script
set_fact:
wsgi_script: "{{ wsgi_location.stdout }}"
- name: Set up Apache configuration
become: true
template:
src: apache_mod_wsgi.conf.j2
dest: "{{ apache_config_path }}/ara.conf"
owner: root
group: root
mode: 0644
notify:
- restart apache
- name: Ensure Apache server is started
become: true
systemd:
state: started
name: "{{ apache_service }}"
enabled: true
- name: Ensure the configuration is enabled
become: true
command: a2ensite ara
when: ansible_os_family == "Debian"
notify:
- restart apache

View File

@ -1,64 +0,0 @@
---
- block:
- name: Install required dependencies for mod_wsgi
package:
name: "{{ item }}"
state: "present"
with_items: "{{ required_wsgi_packages }}"
- name: Get status of selinux
command: getenforce
register: selinux_status
when: ansible_os_family == "RedHat"
- name: Set selinux boolean to allow Apache to manage the files
seboolean:
name: httpd_unified
state: yes
when:
- ansible_os_family == "RedHat"
- selinux_status.stdout == "Enforcing"
- name: Set ara_config_path when using mod_wsgi
set_fact:
ara_config_path: "{{ config_path | default(default_wsgi_config_path) }}"
- name: Ensure configuration directory for Ansible and ARA exists
file:
path: "{{ ara_config_path }}"
owner: "{{ apache_user }}"
group: "{{ apache_group }}"
state: directory
recurse: yes
- name: Create default configuration file if one does not exist
template:
src: templates/ansible.cfg.j2
dest: "{{ ara_config_path }}/ansible.cfg"
force: no
- name: Copy ARA WSGI script to the config path
shell: cp -p $(which ara-wsgi) {{ ara_config_path }}
- name: Set up Apache configuration
template:
src: templates/ara.conf.j2
dest: "{{ apache_config_path }}/ara.conf"
owner: root
group: root
mode: 0644
notify:
- restart apache
- name: Ensure Apache server is started
systemd:
state: started
name: "{{ apache_service }}"
enabled: true
- name: Ensure the configuration is enabled
command: a2ensite ara
when: ansible_os_family == "Debian"
notify:
- restart apache
become: true

View File

@ -0,0 +1,26 @@
- name: Get the location of ara-manage
command: which ara-manage
register: ara_manage
changed_when: false
- name: Copy systemd service template
become: true
template:
src: templates/ara_service.conf.j2
dest: /etc/systemd/system/ara.service
owner: root
group: root
mode: 0644
notify:
- reload systemctl daemon
- restart ara
- name: Flush handlers
meta: flush_handlers
- name: Ensure the embedded server service is started and enabled
become: true
systemd:
name: ara
state: started
enabled: yes

View File

@ -1,42 +0,0 @@
- block:
- name: Set ara_config_path when using embedded_server
set_fact:
ara_config_path: "{{ config_path | default(default_embedded_config_path) }}"
- name: Ensure configuration directory for ARA exists
file:
path: "{{ ara_config_path }}"
state: directory
recurse: yes
- name: Create default configuration file if one does not exist
template:
src: templates/ansible.cfg.j2
dest: "{{ ara_config_path }}/ansible.cfg"
force: no
- name: Get the location of ara-manage
command: which ara-manage
register: ara_manage
changed_when: false
- name: Copy systemd service template
template:
src: templates/ara-service.conf.j2
dest: /etc/systemd/system/ara.service
owner: root
group: root
mode: 0644
notify:
- reload systemctl daemon
- restart ara
- name: Flush handlers
meta: flush_handlers
- name: Ensure the embedded server service is started and enabled
systemd:
name: ara
state: started
enabled: yes
become: true

View File

@ -20,48 +20,85 @@
- "{{ ansible_os_family }}.yml"
- name: Install required dependencies
become: true
package:
name: "{{ item }}"
state: "present"
with_items: "{{ required_packages }}"
become: true
- name: Install pip
become: true
easy_install:
name: pip
state: present
become: true
- name: Install ARA with pip
become: true
pip:
name: ara
state: present
- name: Create user for ARA
become: true
user:
name: ara
comment: User for ARA Records Ansible
shell: /sbin/nologin
home: /var/lib/ara
- include_tasks: apache_server.yml
when: use_apache_server
- name: Create ARA directories
become: true
file:
path: "{{ item }}"
state: directory
owner: ara
group: ara
mode: 0750
with_items:
- /var/log/ara
- /var/lib/ara
- /etc/ara
- include_tasks: embedded_server.yaml
when: not use_apache_server
- name: Create the ARA configuration file
become: true
ini_file:
path: /etc/ara/ara.cfg
section: ara
option: "{{ item.key }}"
value: "{{ item.value }}"
create: yes
owner: ara
group: ara
mode: 0640
with_dict: "{{ ara.config }}"
notify:
- restart ara
- name: Get ARA installed location
shell: python -c "import os,ara; print(os.path.dirname(ara.__file__))"
register: ara_location
changed_when: false
- name: Enable ARA callback plugin
ini_file:
dest: "{{ ara_config_path }}/ansible.cfg"
section: defaults
option: callback_plugins
value: "{{ ara_location.stdout }}/plugins/callbacks"
- name: Enable ARA Ansible configuration
become: true
ini_file:
dest: /etc/ara/ara.cfg
section: defaults
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- { option: local_tmp, value: /var/lib/ara/.ansible/ }
- { option: callback_plugins, value: "{{ ara_location.stdout }}/plugins/callbacks" }
- { option: action_plugins, value: "{{ ara_location.stdout }}/plugins/actions" }
- name: Include web server configuration
include_tasks: "{{ ara.deployment.server }}/{{ ara.deployment.type }}.yml"
- name: Provide web application URL
vars:
msg: >-
ARA was installed succesfully !
The web application should now be reachable at http://{{ ara_host }}:{{ ara_port }} !
The web application should now be reachable at http://{{ ara.config.host }}:{{ ara.config.port }} !
To customize the host and port on which the application listens to, override the defaults for the ara_host and ara_port variables.
Data from recorded playbooks will be available in the interface as soon as you run your first ansible-playbook command.
debug:
@ -70,10 +107,11 @@
- name: Provide instructions
vars:
msg: >-
We've set up an ansible.cfg file for you inside {{ ara_config_path }}.
Make sure to have Ansible and ARA use it for everything to work properly.
We've set up a configuration file for you in /etc/ara/ara.cfg.
The ARA service is already using this configuration but you'll need to make sure Ansible is using it so that Ansible knows where ARA is located.
This can be done from using Ansible or the ARA CLI commands directly from that directory or by using the ANSIBLE_CONFIG environment variable, like so:
export ANSIBLE_CONFIG={{ ara_config_path }}/ansible.cfg
export ANSIBLE_CONFIG=/etc/ara/ara.cfg
ansible-playbook playbook.yml
debug:
msg: "{{ msg.split('\n') }}"

View File

@ -1,7 +0,0 @@
[defaults]
# This directory is required to store temporary files for Ansible and ARA
local_tmp = {{ ara_config_path }}/.ansible/tmp
[ara]
# This will default the database and logs location to be inside that directory.
dir = {{ ara_config_path }}/.ara

View File

@ -0,0 +1,21 @@
<VirtualHost *:80>
ServerName {{ ara.config.host }}
ErrorLog {{ apache_log_path }}/ara-error.log
LogLevel warn
CustomLog {{ apache_log_path }}/ara-access.log combined
<Directory "{{ wsgi_script | dirname }}">
<Files "ara-wsgi">
Allow from all
Satisfy Any
</Files>
</Directory>
WSGIDaemonProcess ara user=ara group=ara processes=1 threads=4
WSGIScriptAlias {{ ara.config.application_root }} {{ wsgi_script }}
WSGIProcessGroup ara
WSGIApplicationGroup %{GLOBAL}
SetEnv ANSIBLE_CONFIG /etc/ara/ara.cfg
</VirtualHost>

View File

@ -1,18 +0,0 @@
<VirtualHost *:{{ ara_port }}>
ServerName {{ ara_host }}
ErrorLog {{ apache_log_path }}/ara-error.log
LogLevel warn
CustomLog {{ apache_log_path }}/ara-access.log combined
WSGIDaemonProcess ara user={{ apache_user }} group={{ apache_group }} processes=1 threads=4
WSGIScriptAlias / /var/www/ara/ara-wsgi
SetEnv ANSIBLE_CONFIG {{ ara_config_path }}
<Directory /var/www/ara>
WSGIProcessGroup ara
WSGIApplicationGroup %{GLOBAL}
Require all granted
</Directory>
</VirtualHost>

View File

@ -1,5 +1,6 @@
[Unit]
Description=ARA
Documentation=https://github.com/openstack/ara
After=network.target
[Service]
@ -8,7 +9,10 @@ TimeoutStartSec=0
Restart=on-failure
RestartSec=10
RemainAfterExit=yes
ExecStart={{ ara_manage.stdout }} runserver -h {{ ara_host }} -p {{ ara_port }}
User=ara
Group=ara
Environment=ANSIBLE_CONFIG=/etc/ara/ara.cfg
ExecStart={{ ara_manage.stdout }} runserver
[Install]
WantedBy=multi-user.target