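---
# Playbook for the Pleiades host. It imports two other playbooks, then runs
# one play against all hosts as root that:
#   * installs OS packages and a Python 2.7 virtualenv under /srv/python27-apps
#   * builds the vaytrou and pleiades4 buildouts via the 'buildout' role
#   * configures haproxy, varnish, Apache vhosts and supervisor
#   * installs cron jobs for sitemap/KML/RDF/dump exports and ZODB maintenance
#
# Variables read here but defined elsewhere: plone_client_count,
# supervisor_tasks, pleiades_cert_file, vaytrou_branch,
# pleiades_buildout_branch, pleiades_buildout_file, haproxy_port,
# enable_unattended_upgrades, enable_cloudwatch_agent, install_fail2ban,
# newrelic_license_key, pleiades_static_branch, enable_sitemap,
# enable_backups, pleiades_ssl_vhost.

- name: Include NYU security playbook
  ansible.builtin.import_playbook: nyu-security.yml

- name: Include anubis playbook
  ansible.builtin.import_playbook: anubis.yml

- name: Provision Pleiades application server
  hosts: all
  become: true
  become_user: root
  become_method: sudo
  gather_facts: true
  environment:
    CXX: "g++ -std=c++98"  # Needed to compile libgeos in vaytrou buildout

  pre_tasks:
    - name: Update apt cache
      apt:
        update_cache: true
        cache_valid_time: 3600

    - name: Update packages
      apt:
        upgrade: safe
        update_cache: true

    - name: Install default python tools
      apt:
        state: latest
        pkg:
          - python2-dev
          - python-setuptools
          - virtualenv

    - name: Install required packages
      apt:
        pkg:
          - build-essential
          - libzip-dev
          - libsqlite3-dev
          - libreadline-dev
          - libz-dev
          - libssl-dev
          - libjpeg-dev
          - libfreetype6-dev
          - libxslt1-dev
          - libxml2-dev
          - python3-selinux
          - python3-semanage
          - poppler-utils
          - lynx
          - unzip
          - git
          - wv
          - iotop
          - supervisor
          - sysstat
          - joe
          - zip

    - name: Install pleiades dependencies
      apt:
        pkg:
          - libgeos-dev
          - libspatialindex-dev
          - slapd-contrib
          - slapd
          - libsasl2-dev
          - libldap-dev
          - libffi-dev
          - autoconf
          - patch

    # NOTE(review): superlance, setuptools and Pillow below are pinned to old
    # releases for the Python 2.7 virtualenv. The pins keep the build
    # reproducible but will never pick up upstream security fixes; review
    # them deliberately rather than assuming apt upgrades cover them.
    - name: Superlance installed
      pip:
        name: superlance
        version: "0.11"
        extra_args: "--index-url=https://pypi.python.org/simple/"
        virtualenv: /srv/python27-apps
        virtualenv_python: /usr/bin/python2.7

    - name: Ensure plone_group
      group:
        name: plone_group

    # generate_ssh_key creates a keypair in plone_daemon's home directory.
    # What that key is authorised for is not visible in this playbook.
    - name: Ensure plone_daemon
      user:
        name: plone_daemon
        group: plone_group
        shell: /bin/bash
        createhome: true
        generate_ssh_key: true

    - name: Ensure plone_buildout
      user:
        name: plone_buildout
        group: plone_group

    # Builds one supervisor program definition per Plone client
    # (1..plone_client_count); every instance runs as plone_daemon.
    - name: Build supervisor task definition per Plone instance
      set_fact:
        instance_task:
          name: pleiades-instance{{ item }}
          command: /srv/python27-apps/pleiades4/bin/instance{{ item }} console
          directory: /srv/python27-apps/pleiades4
          user: plone_daemon
          redirect_stderr: true
          stopwaitsecs: 30
          autostart: true
          autorestart: true
      with_sequence: start=1 end={{ plone_client_count }}
      register: instance_task_results
      tags: ['supervisor']

    # Prepends the generated instance tasks to the existing supervisor_tasks
    # list (supervisor_tasks must already be defined elsewhere).
    - name: Collect supervisor task definitions
      set_fact:
        supervisor_tasks: "{{instance_task_results.results | map(attribute='ansible_facts.instance_task') | list + supervisor_tasks}}"
      tags: ['supervisor']

    # Clients 2..plone_client_count are load-balanced on ports 8402, 8403, ...
    - name: Build haproxy client entry per Plone instance
      set_fact:
        balancer_client:
          name: plone_{{ item }}
          port: 840{{ item }}
      with_sequence: start=2 end={{ plone_client_count >= 2 and plone_client_count or 2 }}
      register: balancer_client_results
      when: plone_client_count >= 2

    # NOTE(review): the supervisor task above reads
    # 'ansible_facts.instance_task' from its registered results, while this
    # one reads 'balancer_client' directly. Confirm the attribute path is
    # right for the Ansible version in use, and what happens when the
    # previous task was skipped (plone_client_count < 2).
    - name: Collect haproxy client entries
      set_fact:
        balancer_clients: "{{balancer_client_results.results | map(attribute='balancer_client') | list}}"

    # Despite the task name, this pins setuptools inside the virtualenv
    # (the pip module creates the virtualenv if it does not exist).
    - name: Install virtualenv
      pip:
        virtualenv: /srv/python27-apps
        virtualenv_python: /usr/bin/python2.7
        name: setuptools
        version: "42.0.2"

    - name: Install Pillow
      pip:
        virtualenv: /srv/python27-apps
        name: Pillow
        version: "3.3.3"

    - name: Check whether certificate exists
      stat:
        path: "{{ pleiades_cert_file }}"
      register: ssl_certificate
      tags:
        - apache-install
        - apacheconf

  # NOTE(review): the namespaced roles below appear to be third-party Galaxy
  # roles and run with the play-level become (root). Pin their versions in
  # the role requirements file; that file is not visible from this playbook.
  roles:
    - geerlingguy.postfix

    - role: 'buildout'
      base_dir: '/srv/python27-apps'
      buildout_python: '/srv/python27-apps/bin/python2.7'
      instance_name: 'vaytrou'
      buildout_repo: 'https://github.com/isawnyu/vaytrou.git'
      buildout_version: "{{ vaytrou_branch }}"
      tags: ['vaytrou', 'buildout']

    - role: 'buildout'
      base_dir: '/srv/python27-apps'
      buildout_python: '/srv/python27-apps/bin/python2.7'
      instance_name: 'pleiades4'
      buildout_repo: 'https://github.com/isawnyu/pleiades3-buildout.git'
      buildout_version: "{{ pleiades_buildout_branch }}"
      buildout_file: "{{ pleiades_buildout_file }}"
      tags: ['plone4', 'buildout']

    - role: haproxy
      listen_port: "{{ haproxy_port }}"
      clients: "{{ balancer_clients }}"
      tags: ['haproxy']

    - role: varnish
      tags:
        - varnish

    # Apache is installed stopped; it is started by the "Start apache" task
    # once the vhost configuration is in place.
    - role: geerlingguy.apache
      apache_state: stopped
      tags:
        - apache-install
        - apacheconf

    - role: jnv.unattended-upgrades
      when: enable_unattended_upgrades
      tags:
        - os-updates

    - role: christiangda.amazon_cloudwatch_agent
      when: enable_cloudwatch_agent
      tags:
        - cloudwatch

    - role: Oefenweb.fail2ban
      tags:
        - fail2ban
      when: install_fail2ban|default(True)

  tasks:
    # NOTE(review): this task only runs when newrelic_license_key is defined,
    # so the rendered file presumably embeds that key. At 0644 it is readable
    # by every local user; "0640" would still let plone_daemon/plone_group
    # read it. Confirm nothing else needs access before tightening.
    - name: Newrelic Python config
      template:
        src: templates/newrelic.ini.j2
        dest: /srv/python27-apps/pleiades4/newrelic.ini
        owner: plone_daemon
        group: plone_group
        mode: "0644"
      when: newrelic_license_key is defined
      notify: Restart buildout pleiades4

    - name: Apache pleiades include config
      template:
        src: templates/pleiades-server.conf.j2
        dest: /etc/apache2/conf-available/pleiades-server.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart apache
      tags:
        - apacheconf

    - name: Apache pleiades site config
      template:
        src: templates/pleiades.stoa.org.j2
        dest: /etc/apache2/sites-available/pleiades.stoa.org.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart apache
      tags:
        - apacheconf

    - name: Apache pleiades-api config
      template:
        src: templates/api.pleiades.stoa.org.j2
        dest: /etc/apache2/sites-available/api.pleiades.stoa.org.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart apache
      tags:
        - apacheconf

    - name: Apache atlantides config
      template:
        src: templates/atlantides.org.j2
        dest: /etc/apache2/sites-available/atlantides.org.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart apache
      tags:
        - apacheconf

    - name: Apache pleiades symlink
      file:
        src: /etc/apache2/sites-available/pleiades.stoa.org.conf
        dest: /etc/apache2/sites-enabled/00-pleiades.stoa.org.conf
        state: link
      notify: restart apache
      tags:
        - apacheconf

    - name: Apache pleiades-api symlink
      file:
        src: /etc/apache2/sites-available/api.pleiades.stoa.org.conf
        dest: /etc/apache2/sites-enabled/02-api.pleiades.stoa.org.conf
        state: link
      notify: restart apache
      tags:
        - apacheconf

    - name: Apache atlantides symlink
      file:
        src: /etc/apache2/sites-available/atlantides.org.conf
        dest: /etc/apache2/sites-enabled/01-atlantides.org.conf
        state: link
      notify: restart apache
      tags:
        - apacheconf

    - name: Remove default vhost symlink
      file:
        path: /etc/apache2/sites-enabled/vhosts.conf
        state: absent
      notify: restart apache
      tags:
        - apacheconf

    - name: MPM events conf
      ansible.builtin.copy:
        src: files/mpm_event.conf
        dest: /etc/apache2/mods-enabled/mpm_event.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart apache
      tags:
        - apacheconf

    - name: Mod evasive conf
      ansible.builtin.copy:
        src: files/evasive.conf
        dest: /etc/apache2/mods-available/evasive.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart apache
      tags:
        - apacheconf

    # NOTE(review): with state=directory, recurse applies owner and mode to
    # everything already under the path, so existing files (including the
    # git checkouts below on later runs) also become 0775. No group is set,
    # so group-write goes to whatever group the path already has.
    - name: Create pleiades vhost dir
      file:
        path: /var/www/pleiades.stoa.org
        recurse: true
        state: directory
        owner: www-data
        mode: "0775"

    # Renamed: the original reused the name "Create pleiades vhost dir" for
    # this second, different path.
    - name: Create atlantides downloads dir
      file:
        path: /var/www/atlantides.org/downloads/pleiades
        recurse: true
        state: directory
        owner: plone_daemon
        mode: "0775"

    - name: Create atlantides dump dir
      file:
        path: /var/www/atlantides.org/downloads/pleiades/dumps/
        state: directory
        owner: plone_daemon
        mode: "0775"

    - name: Symlink to pleiades.dump README
      file:
        src: /srv/python27-apps/pleiades4/src/pleiades.dump/docs/README.txt
        dest: /var/www/atlantides.org/downloads/pleiades/dumps/README.txt
        state: link
        force: true

    - name: Create atlantides kml dir
      file:
        path: /var/www/atlantides.org/downloads/pleiades/kml/
        state: directory
        owner: plone_daemon
        mode: "0775"

    - name: Create atlantides rdf dir
      file:
        path: /var/www/atlantides.org/downloads/pleiades/rdf/
        state: directory
        owner: plone_daemon
        mode: "0775"

    - name: Create atlantides json dir
      file:
        path: /var/www/atlantides.org/downloads/pleiades/json/
        state: directory
        owner: plone_daemon
        mode: "0755"

    # force discards any local modifications in the checkout on every run.
    # accept_hostkey only matters for SSH remotes; this URL is HTTPS.
    - name: Pleiades frontpage git checkout
      git:
        repo: https://github.com/isawnyu/pleiades-frontpage.git
        update: true
        dest: /var/www/pleiades.stoa.org/pleiades-frontpage
        version: "{{ pleiades_static_branch }}"
        force: true
        accept_hostkey: true
      become_user: "www-data"
      tags:
        - frontpage

    # NOTE(review): this tracks the moving 'master' branch and deploys it
    # under the web root on every run, so whatever lands on that branch is
    # served without review here. Consider pinning to a tag or commit,
    # as the frontpage checkout does through a variable.
    - name: Pleiades api git checkout
      git:
        repo: https://github.com/isawnyu/pleiades-api.git
        update: true
        dest: /var/www/pleiades.stoa.org/pleiades-api
        version: master
        force: true
        accept_hostkey: true
      become_user: "www-data"

    - name: Create vaytrou log dir
      file:
        path: /srv/python27-apps/vaytrou/vtdata/pleiades3-three/log
        recurse: true
        state: directory
        owner: plone_daemon

    - name: Set timezone
      file:
        src: /usr/share/zoneinfo/America/New_York
        dest: /etc/localtime
        state: link
        owner: root
        force: true

    - name: Start supervisor
      service:
        name: supervisor
        state: started
        enabled: true
      tags: ['supervisor']

    - name: Start apache
      service:
        name: apache2
        state: started
        enabled: true
      tags:
        - apache-install
        - apacheconf

    - name: Create ZODB var dir
      file:
        path: /srv/python27-apps/pleiades4/var
        recurse: true
        state: directory
        owner: plone_daemon

    - name: Create ZODB backups dir
      file:
        path: /srv/python27-apps/pleiades4/var/backups
        recurse: true
        state: directory
        owner: plone_daemon

    # No owner/mode given, so the file gets the become user's ownership and
    # default permissions.
    - name: Create supervisor tasks
      template:
        src: templates/supervisor_task.conf.j2
        dest: /etc/supervisor/conf.d/pleiades.conf
      notify: Restart supervisor
      tags: ['supervisor']

  post_tasks:
    # Scripts dropped into /etc/cron.daily and /etc/cron.weekly are executed
    # by the system cron, so they are kept root-owned and writable only by
    # root (0755).
    - name: Cron sitemap
      copy:
        src: files/pleiades-sitemap
        dest: /etc/cron.daily/pleiades-sitemap
        owner: root
        group: root
        mode: "0755"
      when: enable_sitemap

    - name: Cron kml
      copy:
        src: files/pleiades-kmz
        dest: /etc/cron.daily/pleiades-kmz
        owner: root
        group: root
        mode: "0755"

    - name: Cron rdf
      copy:
        src: files/pleiades-rdf
        dest: /etc/cron.weekly/pleiades-rdf
        owner: root
        group: root
        mode: "0755"

    - name: Cron dump all
      copy:
        src: files/pleiades-dump-all
        dest: /etc/cron.daily/pleiades-dump-all
        owner: root
        group: root
        mode: "0755"

    # ZODB maintenance runs in plone_daemon's crontab, not root's.
    - name: cron backups
      cron:
        name: "Nightly ZODB Backup"
        minute: "0"
        user: "plone_daemon"
        hour: "2"
        job: "/srv/python27-apps/pleiades4/bin/backup"
      when: enable_backups

    - name: cron pack
      cron:
        name: "Weekly ZODB Pack"
        minute: "30"
        user: "plone_daemon"
        hour: "3"
        weekday: "0"
        job: "/srv/python27-apps/pleiades4/bin/zeopack"

    - name: Set a hostname
      ansible.builtin.hostname:
        name: "{{ pleiades_ssl_vhost }}"

  handlers:
    - name: Restart supervisor
      service:
        name: supervisor
        state: restarted
      tags: ['supervisor']

    # ignore_errors means a failed instance restart does not fail the run;
    # check supervisor status after a deploy rather than relying on the
    # play result.
    - name: Restart buildout pleiades4
      supervisorctl:
        name: pleiades-instance{{ item }}
        state: restarted
      with_sequence: start=1 end={{plone_client_count}}
      ignore_errors: true

    - name: Restart buildout vaytrou
      supervisorctl:
        name: vtpleiades3
        state: restarted
      ignore_errors: true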