aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMilo Casagrande <milo.casagrande@linaro.org>2014-06-10 18:25:53 +0200
committerMilo Casagrande <milo.casagrande@linaro.org>2014-06-10 18:25:53 +0200
commitd1f475549708c76850045ad1d8b82346e3b3a432 (patch)
tree608c57d391683c8d1210b87060669310f51e8758
parent123aa016f3c2fc8991e3b03bb3514eac426089bd (diff)
downloadlinaro-bugzilla-tools-d1f475549708c76850045ad1d8b82346e3b3a432.tar.gz
Complete ansible playbook.
Change-Id: I5a1554823ef6848ed93f611b17a942bcc7aab19b
-rw-r--r--ansible/group_vars/all4
-rw-r--r--ansible/host_vars/bugs.linaro.org1
-rw-r--r--ansible/host_vars/staging.bugs.linaro.org1
-rw-r--r--ansible/roles/configure-apache/tasks/main.yml54
-rw-r--r--ansible/roles/configure-apache/templates/production.conf88
-rw-r--r--ansible/roles/configure-apache/templates/staging.conf137
-rw-r--r--ansible/roles/configure-app/tasks/main.yml24
-rw-r--r--ansible/roles/configure-app/templates/localconfig16
-rw-r--r--ansible/roles/configure-db/tasks/main.yml11
-rw-r--r--ansible/roles/install-app/tasks/main.yml29
-rw-r--r--ansible/roles/install-deps/tasks/main.yml8
-rw-r--r--ansible/site.yml3
12 files changed, 371 insertions, 5 deletions
diff --git a/ansible/group_vars/all b/ansible/group_vars/all
index e536154..1eaeced 100644
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -2,3 +2,7 @@ install_base: /srv
web_user: www-data
app_user: www-data
git_head: HEAD
+db_driver: mysql
+db_host: localhost
+db_name: bugzilla
+db_user: bugzilla
diff --git a/ansible/host_vars/bugs.linaro.org b/ansible/host_vars/bugs.linaro.org
index 05dd155..a679f27 100644
--- a/ansible/host_vars/bugs.linaro.org
+++ b/ansible/host_vars/bugs.linaro.org
@@ -1,2 +1,3 @@
hostname: bugs.linaro.org
nickname: production-bugs
+role: production
diff --git a/ansible/host_vars/staging.bugs.linaro.org b/ansible/host_vars/staging.bugs.linaro.org
index 87c2bd8..96a2515 100644
--- a/ansible/host_vars/staging.bugs.linaro.org
+++ b/ansible/host_vars/staging.bugs.linaro.org
@@ -1,2 +1,3 @@
hostname: staging.bugs.linaro.org
nickname: staging-bugs
+role: staging
diff --git a/ansible/roles/configure-apache/tasks/main.yml b/ansible/roles/configure-apache/tasks/main.yml
new file mode 100644
index 0000000..dbfd3aa
--- /dev/null
+++ b/ansible/roles/configure-apache/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+- name: Enable necessary Apache modules
+ command: a2enmod {{ item }}
+ creates=/etc/apache2/mods-enabled/{{ item }}.load
+ with_items:
+ - ssl
+ - expires
+ - headers
+ - rewrite
+ - cgi
+ notify:
+ - restart-apache
+ tags:
+ - web-server
+
+- name: Install Apache VirtualHost configuration (production)
+ template: src=production.conf
+ dest=/etc/apache2/sites-available/{{ hostname }}.conf
+ owner=root
+ group=root
+ mode=0444
+ when: role == "production"
+ notify:
+ - reload-apache
+ tags:
+ - web-server
+
+- name: Install Apache VirtualHost configuration (staging)
+ template: src=staging.conf
+ dest=/etc/apache2/sites-available/{{ hostname }}.conf
+ owner=root
+ group=root
+ mode=0444
+ when: role == "staging"
+ notify:
+ - reload-apache
+ tags:
+ - web-server
+
+- name: Disable Apache default website
+ command: a2dissite 000-default.conf
+ removes=/etc/apache2/sites-enabled/000-default.conf
+ notify:
+ - restart-apache
+ tags:
+ - web-server
+
+- name: Enable Apache bugzilla web site
+ command: a2ensite {{ hostname }}
+ creates=/etc/apache2/sites-enabled/{{ hostname }}
+ notify:
+ - restart-apache
+ tags:
+ - web-server
diff --git a/ansible/roles/configure-apache/templates/production.conf b/ansible/roles/configure-apache/templates/production.conf
new file mode 100644
index 0000000..afb365d
--- /dev/null
+++ b/ansible/roles/configure-apache/templates/production.conf
@@ -0,0 +1,88 @@
+# Managed via ansbile, do not edit!
+
+<VirtualHost *:80>
+ ServerName {{ hostname }}
+
+ Redirect permanent / https://{{ hostname }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName {{ hostname }}
+ ServerAdmin webmaster@linaro.org
+
+ DocumentRoot {{ install_base }}/{{ hostname }}
+
+ Alias /bugzilla {{ install_base }}/{{ hostname }}/
+ <Directory "{{ install_base }}/{{ hostname }}">
+ AddHandler cgi-script cgi
+ Options +ExecCGI +FollowSymLinks +Indexes
+ DirectoryIndex index.cgi
+ AllowOverride Limit FileInfo Indexes Options
+ Require all granted
+ </Directory>
+
+ CustomLog ${APACHE_LOG_DIR}/{{ hostname }}-access.log combined
+ ErrorLog ${APACHE_LOG_DIR}/{{ hostname }}-error.log
+ LogLevel info
+
+ KeepAlive On
+ KeepAliveTimeout 9
+ MaxKeepAliveRequests 150
+
+ SSLEngine On
+ SSLProtocol All -SSLv2 -SSLv3
+ SSLCompression Off
+ SSLHonorCipherOrder On
+ SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\
+ EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:\
+ !aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:\
+ CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
+
+ SSLCertificateFile /etc/ssl/certs/{{ hostname }}.pem
+ SSLCertificateKeyFile /etc/ss/private/{{ hostname }}.key
+
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+
+ BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ ExpiresActive On
+ ExpiresDefault "access plus 300 seconds"
+
+ ExpiresByType image/png "access plus 1 month"
+ ExpiresByType image/jpg "access plus 1 month"
+ ExpiresByType image/jpeg "access plus 1 month"
+ ExpiresByType image/x-icon "access plus 1 month"
+
+ Header always set Strict-Transport-Security "max-age=63072000"
+ Header append Cache-Control "no-transform"
+
+ <FilesMatch "\.(html|htm)$">
+ Header add Cache-Control "must-revalidate"
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ Header append Vary User-Agent env=!dont-vary
+ </FilesMatch>
+
+ <FilesMatch "\.(js|css)$">
+ Header add Cache-Control "max-age=5356800"
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ Header append Vary User-Agent env=!dont-vary
+ </FilesMatch>
+
+</VirtualHost>
diff --git a/ansible/roles/configure-apache/templates/staging.conf b/ansible/roles/configure-apache/templates/staging.conf
new file mode 100644
index 0000000..8e840b0
--- /dev/null
+++ b/ansible/roles/configure-apache/templates/staging.conf
@@ -0,0 +1,137 @@
+# Managed via ansbile, do not edit!
+
+<VirtualHost *:80>
+ ServerName {{ hostname }}
+ ServerAdmin webmaster@linaro.org
+
+ CustomLog ${APACHE_LOG_DIR}/{{ hostname }}-access.log combined
+ ErrorLog ${APACHE_LOG_DIR}/{{ hostname }}-error.log
+ LogLevel info
+
+ DocumentRoot {{ install_base }}/{{ hostname }}
+
+ Alias /bugzilla {{ install_base }}/{{ hostname }}/
+ <Directory "{{ install_base }}/{{ hostname }}">
+ AddHandler cgi-script cgi
+ Options +ExecCGI +FollowSymLinks +Indexes
+ DirectoryIndex index.cgi
+ AllowOverride Limit FileInfo Indexes Options
+ Require all granted
+ </Directory>
+
+ ExpiresActive On
+ ExpiresDefault "access plus 300 seconds"
+
+ ExpiresByType image/png "access plus 1 month"
+ ExpiresByType image/jpg "access plus 1 month"
+ ExpiresByType image/jpeg "access plus 1 month"
+ ExpiresByType image/x-icon "access plus 1 month"
+
+ Header append Cache-Control "no-transform"
+
+ <FilesMatch "\.(html|htm)$">
+ Header add Cache-Control "must-revalidate"
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ Header append Vary User-Agent env=!dont-vary
+ </FilesMatch>
+
+ <FilesMatch "\.(js|css)$">
+ Header add Cache-Control "max-age=5356800"
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ Header append Vary User-Agent env=!dont-vary
+ </FilesMatch>
+
+ KeepAlive On
+ KeepAliveTimeout 9
+ MaxKeepAliveRequests 150
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName {{ hostname }}
+ ServerAdmin webmaster@linaro.org
+
+ DocumentRoot {{ install_base }}/{{ hostname }}
+
+ <Directory "{{ install_base }}/{{ hostname }}">
+ AddHandler cgi-script cgi
+ Options +ExecCGI +FollowSymLinks +Indexes
+ DirectoryIndex index.cgi index.html
+ AllowOverride Limit FileInfo Indexes Options
+ Require all granted
+ </Directory>
+
+ CustomLog ${APACHE_LOG_DIR}/{{ hostname }}-access.log combined
+ ErrorLog ${APACHE_LOG_DIR}/{{ hostname }}-error.log
+ LogLevel info
+
+ KeepAlive On
+ KeepAliveTimeout 9
+ MaxKeepAliveRequests 150
+
+ SSLEngine On
+ SSLProtocol All -SSLv2 -SSLv3
+ SSLCompression Off
+ SSLHonorCipherOrder On
+ SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\
+ EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:\
+ !aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:\
+ CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
+
+ SSLCertificateFile /etc/ssl/certs/{{ hostname }}.pem
+ SSLCertificateKeyFile /etc/ssl/private/{{ hostname }}.key
+
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+
+ BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ ExpiresActive On
+ ExpiresDefault "access plus 300 seconds"
+
+ ExpiresByType image/png "access plus 1 month"
+ ExpiresByType image/jpg "access plus 1 month"
+ ExpiresByType image/jpeg "access plus 1 month"
+ ExpiresByType image/x-icon "access plus 1 month"
+
+ Header always set Strict-Transport-Security "max-age=63072000"
+ Header append Cache-Control "no-transform"
+
+ <FilesMatch "\.(html|htm)$">
+ Header add Cache-Control "must-revalidate"
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ Header append Vary User-Agent env=!dont-vary
+ </FilesMatch>
+
+ <FilesMatch "\.(js|css)$">
+ Header add Cache-Control "max-age=5356800"
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ Header append Vary User-Agent env=!dont-vary
+ </FilesMatch>
+
+</VirtualHost>
diff --git a/ansible/roles/configure-app/tasks/main.yml b/ansible/roles/configure-app/tasks/main.yml
new file mode 100644
index 0000000..3bc3ff8
--- /dev/null
+++ b/ansible/roles/configure-app/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Install bugzilla configuration file
+ template: src=localconfig
+ dest="{{ install_base }}/{{ hostname }}/localconfig"
+ owner={{ web_user }}
+ group={{ web_user }}
+ mode=0444
+ tags:
+ - app
+ - config
+ - secrets
+
+- name: Create bugzilla documentation
+ command: creates="{{ install_base }}/{{ hostname }}/docs/bugzilla.ent"
+ "{{ install_base }}/{{ hostname }}/docs/makedocs.pl"
+ tags:
+ - app
+
+- name: Fix documentation permissions
+ file: path="{{ install_base }}/{{ hostname }}/docs"
+ owner=root
+ group="{{ web_user }}"
+ tags:
+ - app
diff --git a/ansible/roles/configure-app/templates/localconfig b/ansible/roles/configure-app/templates/localconfig
new file mode 100644
index 0000000..c614299
--- /dev/null
+++ b/ansible/roles/configure-app/templates/localconfig
@@ -0,0 +1,16 @@
+$create_htaccess = 1;
+$webservergroup = '{{ web_user }}';
+$use_suexec = 0;
+$db_driver = '{{ db_driver }}';
+$db_host = '{{ db_host }}';
+$db_name = '{{ db_name }}';
+$db_user = '{{ db_user }}';
+$db_pass = '{{ db_pass }}';
+$db_port = 0;
+$db_sock = '';
+$db_check = 1;
+$index_html = 0;
+$cvsbin = '';
+$interdiffbin = '';
+$diffpath = '/usr/bin';
+$site_wide_secret = '{{ site_wide_secret }}';
diff --git a/ansible/roles/configure-db/tasks/main.yml b/ansible/roles/configure-db/tasks/main.yml
new file mode 100644
index 0000000..1d3a233
--- /dev/null
+++ b/ansible/roles/configure-db/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Create MySQL bugzilla database
+ mysql_db: name={{ db_name }}
+ state=present
+
+- name: Create MySQL bugzilla user
+ mysql_user: name={{ db_user }}
+ password={{ db_pass }}
+ priv={{ db_name }}.*:ALL
+ state=present
+
diff --git a/ansible/roles/install-app/tasks/main.yml b/ansible/roles/install-app/tasks/main.yml
index f7cf0e0..5f51202 100644
--- a/ansible/roles/install-app/tasks/main.yml
+++ b/ansible/roles/install-app/tasks/main.yml
@@ -1,6 +1,31 @@
---
- name: Checkout bugzilla code
- git: repo=http://git.linaro.org/git/infrastructure/bugs.linaro.org.git
- dest={{ install_base }}/{{ hostname }}
+ git: repo=git://git.linaro.org/infrastructure/bugs.linaro.org.git
+ dest="{{ install_base }}/{{ hostname }}"
version={{ git_head }}
update=yes
+ recursive=no
+ notify:
+ - restart-apache
+ tags:
+ - install
+ - app
+
+- name: Create lib/ directory
+ file: state=directory
+ path="{{ install_base }}/{{ hostname }}/lib"
+ owner=root
+ group={{ web_user }}
+ tags:
+ - install
+ - app
+
+- name: Fix cloned repo permissions
+ file: path="{{ install_base }}/{{ hostname }}"
+ state=directory
+ recurse=yes
+ owner=root
+ group={{ web_user }}
+ tags:
+ - install
+ - app
diff --git a/ansible/roles/install-deps/tasks/main.yml b/ansible/roles/install-deps/tasks/main.yml
index 7873cf5..22f0ba7 100644
--- a/ansible/roles/install-deps/tasks/main.yml
+++ b/ansible/roles/install-deps/tasks/main.yml
@@ -8,6 +8,7 @@
- bsd-mailx
- git
- ldap-utils
+ - libapache2-mod-perl2
- libappconfig-perl
- libauthen-radius-perl
- libauthen-sasl-perl
@@ -25,10 +26,8 @@
- libencode-detect-perl
- libfile-mimeinfo-perl
- libfile-slurp-perl
- - libgd
+ - libgd-gd2-perl
- libgd-graph-perl
- - libgd2
- - libgd2-xpm
- libhtml-formattext-withlinks-perl
- libhtml-scrubber-perl
- libjson-rpc-perl
@@ -47,10 +46,13 @@
- libxml-feed-perl
- libxml-perl
- libxml-twig-perl
+ - lynx
- mysql-server
- perlmagick
+ - python-mysqldb
- tree
- unzip
+ - xmlto
- zsh
tags:
- install
diff --git a/ansible/site.yml b/ansible/site.yml
index 290f1c5..fe56f1f 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -6,3 +6,6 @@
- common
- install-deps
- install-app
+ - configure-db
+ - configure-app
+ - configure-apache