authorMilo Casagrande <milo.casagrande@linaro.org>2014-01-22 18:05:48 +0100
committerMilo Casagrande <milo.casagrande@linaro.org>2014-01-24 11:24:47 +0100
commit5aabb19dd0d86e92a4ffdb173aed0a2de306a8fa (patch)
treed05ffd3de7966cbc41fa31f9d710974b92f7980f
parent3b2b918781c50b789999d2649cfe25af112f5084 (diff)
Added ansible configuration to deploy roadmap.
Change-Id: Id9c00f87faa17fa18b4c76e2dd005c3baf31cebf
-rw-r--r--ansible/README10
-rw-r--r--ansible/group_vars/all7
-rw-r--r--ansible/hosts3
-rw-r--r--ansible/roles/common/handlers/main.yml8
-rw-r--r--ansible/roles/common/tasks/apache.yml18
-rw-r--r--ansible/roles/common/tasks/install_deps.yml15
-rw-r--r--ansible/roles/common/tasks/main.yml3
-rw-r--r--ansible/roles/status/tasks/apache_conf.yml11
-rw-r--r--ansible/roles/status/tasks/clone_code.yml6
-rw-r--r--ansible/roles/status/tasks/cronjobs.yml10
-rw-r--r--ansible/roles/status/tasks/install_roadmap.yml35
-rw-r--r--ansible/roles/status/tasks/local_settings.yml6
-rw-r--r--ansible/roles/status/tasks/main.yml6
-rw-r--r--ansible/roles/status/tasks/wsgi.yml6
-rw-r--r--ansible/roles/status/templates/apache_production.conf56
-rw-r--r--ansible/roles/status/templates/apache_staging.conf47
-rw-r--r--ansible/roles/status/templates/apache_website.conf8
-rw-r--r--ansible/roles/status/templates/roadmap.wsgi21
-rw-r--r--ansible/roles/status/templates/roadmap_update_cron.sh32
-rw-r--r--ansible/secrets.yml5
-rw-r--r--ansible/site.yml11
-rwxr-xr-xbin/roadmap_update.sh3
22 files changed, 327 insertions, 0 deletions
diff --git a/ansible/README b/ansible/README
new file mode 100644
index 0000000..ccb0130
--- /dev/null
+++ b/ansible/README
@@ -0,0 +1,10 @@
+To run the configuration, it is necessary to fill in the secrets.yml file
+with the correct user names and passwords for the service used.
+
+The secrets.yml file contains variables for:
+ - Crowd user name and password
+ - Jira user name and password
+
+ Those values are necessary for the local_settings.py file to run the
+ application.
+ \ No newline at end of file
diff --git a/ansible/group_vars/all b/ansible/group_vars/all
new file mode 100644
index 0000000..8a32cd0
--- /dev/null
+++ b/ansible/group_vars/all
@@ -0,0 +1,7 @@
+# Common variables.
+install_base: /srv
+roadmap_repo: http://git.linaro.org/git/infrastructure/roadmap.git
+apache_user: www-data
+crowd_url: https://login.linaro.org:8443/crowd/rest
+jira_server: https://cards.linaro.org
+jira_sfid: 10301
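Review bot: `roadmap_repo` points at a plain `http://` URL, so the clone in clone_code.yml is fetched without transport integrity, and the play then runs `pip` and `manage.py` against that checkout under `sudo: yes`. Prefer a TLS or SSH transport if the server offers one, e.g. `roadmap_repo: https://git.linaro.org/git/infrastructure/roadmap.git`. Also pin the deployed revision with the git module's `version=` parameter so each run deploys a known commit rather than whatever the branch head is at that moment.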
diff --git a/ansible/hosts b/ansible/hosts
new file mode 100644
index 0000000..dd5fb49
--- /dev/null
+++ b/ansible/hosts
@@ -0,0 +1,3 @@
+[all]
+staging.status.linaro.org ansible_ssh_user=ubuntu role=staging install_dir=staging.status.linaro.org
+status.linaro.org ansible_ssh_user=ubuntu role=production install_dir=status.linaro.org
diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml
new file mode 100644
index 0000000..7ec48c2
--- /dev/null
+++ b/ansible/roles/common/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: restart-apache
+ service: name=apache2 state=restarted
+
+- name: stop-apache
+ service: name=apache2 state=stopped
+
+- name: reload-apache
+ service: name=apache2 state=reloaded
diff --git a/ansible/roles/common/tasks/apache.yml b/ansible/roles/common/tasks/apache.yml
new file mode 100644
index 0000000..8f05d84
--- /dev/null
+++ b/ansible/roles/common/tasks/apache.yml
@@ -0,0 +1,18 @@
+# Enables necessary Apache modules and disables websites.
+- name: enable-modules
+ command: a2enmod {{ item }}
+ with_items:
+ - wsgi
+ - headers
+ - expires
+ notify: restart-apache
+
+- name: disable-sites
+ command: a2dissite {{ item }}
+ with_items:
+ - default
+ notify: restart-apache
+
+# Make sure the web server is running.
+- name: apache2-started
+ service: name=apache2 state=started enabled=yes
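Review bot: `enable-modules` and `disable-sites` go through `command:`, which reports "changed" on every run, so `restart-apache` is notified and Apache restarts on each play even when nothing changed. A guard such as `command: a2enmod {{ item }} creates=/etc/apache2/mods-enabled/{{ item }}.load` (and a matching `removes=` on the a2dissite task) keeps the run idempotent. `apache-website-enable` in apache_conf.yml has the same pattern with `a2ensite`.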
diff --git a/ansible/roles/common/tasks/install_deps.yml b/ansible/roles/common/tasks/install_deps.yml
new file mode 100644
index 0000000..775f4bf
--- /dev/null
+++ b/ansible/roles/common/tasks/install_deps.yml
@@ -0,0 +1,15 @@
+# Install all dependencies required by roadmap.
+- name: install-os-deps
+ apt: name={{ item }}
+ with_items:
+ - apache2
+ - libapache2-mod-wsgi
+ - git
+ - python-pip
+ - python-tz
+
+# PIP installation if necessary.
+- name: install-pip-deps
+ pip: name={{ item }}
+ with_items:
+ - virtualenvwrapper
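Review bot: `install-pip-deps` installs `virtualenvwrapper` system-wide as root with no version, so each run takes whatever release the package index serves at that moment. Pin it with the pip module's `version=` parameter, e.g. `pip: name={{ item }} version=<PINNED_VERSION>`, so the toolchain on the hosts is reproducible and upgrades are deliberate.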
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..1aa5b62
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,3 @@
+# Common tasks for all instances (production and staging).
+- include: install_deps.yml
+- include: apache.yml
diff --git a/ansible/roles/status/tasks/apache_conf.yml b/ansible/roles/status/tasks/apache_conf.yml
new file mode 100644
index 0000000..1c9e797
--- /dev/null
+++ b/ansible/roles/status/tasks/apache_conf.yml
@@ -0,0 +1,11 @@
+- name: apache-website-conf
+ template: src=apache_website.conf dest=/etc/apache2/sites-available/{{ install_dir }} owner=root group=root mode=0644
+ tags:
+ - apache-conf
+ notify: reload-apache
+
+- name: apache-website-enable
+ command: a2ensite {{ install_dir }}
+ notify: reload-apache
+ tags:
+ - apache-enable
diff --git a/ansible/roles/status/tasks/clone_code.yml b/ansible/roles/status/tasks/clone_code.yml
new file mode 100644
index 0000000..c64cdc8
--- /dev/null
+++ b/ansible/roles/status/tasks/clone_code.yml
@@ -0,0 +1,6 @@
+# Clone roadmap/status code and fix files and dirs permission.
+- name: clone-roadmap
+ git: name={{ roadmap_repo }} dest={{ install_base }}/{{ install_dir }}
+
+- name: fix-repo-owner
+ file: path={{ install_base}}/{{ install_dir }} recurse=yes owner={{ apache_user }} group={{ apache_user }}
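Review bot: `fix-repo-owner` hands the whole checkout, including `.git` and the Python sources, to `{{ apache_user }}`, so the account that serves requests can rewrite the code it executes. Keep the tree owned by root or a deploy account and give the web user write access only where it is needed (the log directory, generated data). The same applies to `fix-virtualenv-ownership` and `fix-roadmap-install-ownership` in install_roadmap.yml, to the `owner={{ apache_user }}` on the WSGI script in wsgi.yml, and to the cron script in cronjobs.yml.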
diff --git a/ansible/roles/status/tasks/cronjobs.yml b/ansible/roles/status/tasks/cronjobs.yml
new file mode 100644
index 0000000..e650270
--- /dev/null
+++ b/ansible/roles/status/tasks/cronjobs.yml
@@ -0,0 +1,10 @@
+# Install necessary cronjobs.
+- name: copy-update-script
+ template: src=roadmap_update_cron.sh dest={{ install_base }}/{{ install_dir }}/bin/roadmap_update_cron.sh owner={{ apache_user }} group={{ apache_user }} mode=0770
+ tags:
+ - cronjob
+
+- name: install-update-cronjob
+ cron: name='Update cards' cron_file={{ install_dir }} state=present user={{ apache_user }} job={{ install_base }}/{{ install_dir }}/bin/roadmap_update_cron.sh minute=0 hour=0
+ tags:
+ - cronjob
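Review bot: `cron_file={{ install_dir }}` yields a file name containing dots (`status.linaro.org` per ansible/hosts). Debian/Ubuntu cron skips files in /etc/cron.d whose names are not made up only of letters, digits, underscores and hyphens, so the nightly update would most likely never run. Use a dot-free name, for example `cron_file=roadmap_update_{{ role }}`. Quoting the `job=` value would also protect it if `install_base` ever contains a space.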
diff --git a/ansible/roles/status/tasks/install_roadmap.yml b/ansible/roles/status/tasks/install_roadmap.yml
new file mode 100644
index 0000000..d998683
--- /dev/null
+++ b/ansible/roles/status/tasks/install_roadmap.yml
@@ -0,0 +1,35 @@
+# Install roadmap via virtualenv.
+- name: roadmap-log-directory
+ file: path=/var/log/roadmap state=directory owner={{ apache_user }} group={{apache_user }}
+
+- name: create-virtualenv
+ command: virtualenv --system-site-packages {{ install_base }}/virtualenv/{{ install_dir }}
+
+- name: install-requirements
+ pip: virtualenv={{ install_base }}/virtualenv/{{ install_dir }} requirements={{ install_base }}/{{ install_dir }}/requirements.txt
+
+# Roadmap installation steps.
+- name: roadmap-django-syncdb
+ django_manage: command=syncdb virtualenv={{ install_base }}/virtualenv/{{ install_dir }} app_path={{install_base }}/{{ install_dir }}
+
+- name: roadmap-django-migrate
+ django_manage: command=migrate virtualenv={{ install_base }}/virtualenv/{{ install_dir }} app_path={{install_base }}/{{ install_dir }}
+
+- name: roadmap-static-files
+ file: state=directory src={{ install_base }}/{{ install_dir }}/roadmap/static dest=/var/www/{{ install_dir }}/static/
+
+- name: roadmap-django-collectstatic
+ django_manage: command=collectstatic virtualenv={{ install_base }}/virtualenv/{{ install_dir }} app_path={{install_base }}/{{ install_dir }}
+
+# Make sure everything can be accessed by the Apache user.
+- name: fix-virtualenv-ownership
+ file: path={{ install_base }}/virtualenv recurse=yes owner={{ apache_user }} group={{ apache_user }}
+
+- name: fix-roadmap-install-ownership
+ file: path={{ install_base }}/{{ install_dir }} owner={{ apache_user }} group={{ apache_user }} recurse=yes
+
+- name: fix-roadmap-static-ownership
+ file: path=/var/www/{{ install_dir }} recurse=yes owner={{ apache_user }} group={{ apache_user }}
+
+- name: fix-roadmap-log-ownership
+ file: path=/var/log/roadmap recurse=yes owner={{ apache_user }} group={{ apache_user }}
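Review bot: `roadmap-static-files` passes `src=` together with `state=directory`; as far as I can tell `src` only matters for the link states, so this task just creates `/var/www/{{ install_dir }}/static/` and the source path is ignored. Drop it to make the intent clear: `file: state=directory path=/var/www/{{ install_dir }}/static/`. `create-virtualenv` would also benefit from `creates={{ install_base }}/virtualenv/{{ install_dir }}/bin/activate` so later runs skip it.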
diff --git a/ansible/roles/status/tasks/local_settings.yml b/ansible/roles/status/tasks/local_settings.yml
new file mode 100644
index 0000000..9790836
--- /dev/null
+++ b/ansible/roles/status/tasks/local_settings.yml
@@ -0,0 +1,6 @@
+# Create the local_settings file and fix its ownership.
+- name: local-settings
+ template: src=local_settings.py dest={{ install_base }}/{{ install_dir }}/linaroroadmap
+
+- name: fix-local-settings-ownership
+ file: path={{ install_base }}/{{ install_dir }}/linaroroadmap/local_settings.py owner={{ apache_user }} group={{ apache_user }}
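Review bot: `local-settings` writes the file that holds the Crowd and Jira passwords (per ansible/README) without `owner`, `group` or `mode`, so it is created under the default umask and is likely world-readable; the follow-up task changes only ownership. Set the permissions in the template task itself, e.g. `owner=root group={{ apache_user }} mode=0640`, which also makes `fix-local-settings-ownership` unnecessary. Note that no `local_settings.py` template appears among the files this commit adds under roles/status/templates, so the task may fail as committed.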
diff --git a/ansible/roles/status/tasks/main.yml b/ansible/roles/status/tasks/main.yml
new file mode 100644
index 0000000..26bdebe
--- /dev/null
+++ b/ansible/roles/status/tasks/main.yml
@@ -0,0 +1,6 @@
+- include: clone_code.yml
+- include: local_settings.yml
+- include: install_roadmap.yml
+- include: wsgi.yml
+- include: apache_conf.yml
+- include: cronjobs.yml
diff --git a/ansible/roles/status/tasks/wsgi.yml b/ansible/roles/status/tasks/wsgi.yml
new file mode 100644
index 0000000..dd52c0d
--- /dev/null
+++ b/ansible/roles/status/tasks/wsgi.yml
@@ -0,0 +1,6 @@
+# Install the correct WSGI script.
+- name: install-wsgi
+ template: src=roadmap.wsgi dest={{ install_base }}/{{ install_dir }}/{{ install_dir }}.wsgi owner={{ apache_user }} group={{ apache_user }} mode=0744
+ tags:
+ - wsgi
+ notify: restart-apache
diff --git a/ansible/roles/status/templates/apache_production.conf b/ansible/roles/status/templates/apache_production.conf
new file mode 100644
index 0000000..bc3aa7e
--- /dev/null
+++ b/ansible/roles/status/templates/apache_production.conf
@@ -0,0 +1,56 @@
+<VirtualHost *:80>
+ ServerName {{ install_dir }}
+ ServerAdmin webmaster@linaro.org
+
+ Redirect permanent / https://{{ install_dir }}
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName {{ install_dir }}
+ ServerAdmin webmaster@linaro.org
+
+ CustomLog ${APACHE_LOG_DIR}/{{ install_dir }}-access.log combined
+ ErrorLog ${APACHE_LOG_DIR}/{{ install_dir }}-error.log
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/{{ install_dir }}.crt
+ SSLCertificateKeyFile /etc/ssl/certs/{{ install_dir }}.key
+ SSLCACertificateFile /etc/ssl/certs/gd_bundle.crt
+
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+ #DocumentRoot /var/www/{{ install_dir }}
+ WSGIScriptAlias / {{ install_base }}/{{ install_dir }}/{{ install_dir }}.wsgi
+
+ ExpiresActive On
+ ExpiresDefault "access plus 300 seconds"
+
+ ExpiresByType text/css "access plus 1 month"
+ ExpiresByType text/javascript "access plus 1 month"
+ ExpiresByType image/png "access plus 1 month"
+ ExpiresByType image/jpg "access plus 1 month"
+ ExpiresByType image/jpeg "access plus 1 month"
+ ExpiresByType image/x-icon "access plus 1 month"
+
+ Header append Cache-Control "public, no-transform"
+
+ <FilesMatch "\.(html|htm)$">
+ Header add Cache-Control "must-revalidate"
+ </FilesMatch>
+
+ <FilesMatch "\.(js|css)$">
+ Header add Cache-Control "max-age=604800"
+ </FilesMatch>
+
+ Alias /static/ /var/www/{{ install_dir }}/static/
+ <Location "/static/">
+ Options -Indexes
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+ Header append Vary User-Agent env=!dont-vary
+ </Location>
+</VirtualHost>
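Review bot: `SSLCertificateKeyFile /etc/ssl/certs/{{ install_dir }}.key` expects the private key in the world-readable certificate directory; the Debian convention is the restricted `/etc/ssl/private/`, i.e. `SSLCertificateKeyFile /etc/ssl/private/{{ install_dir }}.key`. The vhost also sets no `SSLProtocol` or `SSLCipherSuite`, so it inherits whatever the distribution default allows. Unlike apache_staging.conf, this vhost defines no `WSGIDaemonProcess`/`WSGIProcessGroup`, while apache_website.conf sets `WSGIRestrictEmbedded On`; with embedded mode restricted and no daemon group, the application is not expected to serve in production.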
diff --git a/ansible/roles/status/templates/apache_staging.conf b/ansible/roles/status/templates/apache_staging.conf
new file mode 100644
index 0000000..68e1995
--- /dev/null
+++ b/ansible/roles/status/templates/apache_staging.conf
@@ -0,0 +1,47 @@
+<VirtualHost *:80>
+ ServerName {{ install_dir }}
+ ServerAdmin webmaster@linaro.org
+
+ CustomLog ${APACHE_LOG_DIR}/{{ install_dir }}-access.log combined
+ ErrorLog ${APACHE_LOG_DIR}/{{ install_dir }}-error.log
+
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+ #DocumentRoot /var/www/{{ install_dir }}
+
+ WSGIDaemonProcess {{ install_dir }} maximum-requests=10000
+ WSGIProcessGroup {{ install_dir }}
+ WSGIScriptAlias / {{ install_base }}/{{ install_dir }}/{{ install_dir }}.wsgi
+
+ ExpiresActive On
+ ExpiresDefault "access plus 300 seconds"
+
+ ExpiresByType text/css "access plus 1 month"
+ ExpiresByType text/javascript "access plus 1 month"
+ ExpiresByType image/png "access plus 1 month"
+ ExpiresByType image/jpg "access plus 1 month"
+ ExpiresByType image/jpeg "access plus 1 month"
+ ExpiresByType image/x-icon "access plus 1 month"
+
+ Header append Cache-Control "public, no-transform"
+
+ <FilesMatch "\.(html|htm)$">
+ Header add Cache-Control "must-revalidate"
+ </FilesMatch>
+
+ <FilesMatch "\.(js|css)$">
+ Header add Cache-Control "max-age=604800"
+ </FilesMatch>
+
+ Alias /static/ /var/www/{{ install_dir }}/static/
+ <Location "/static/">
+ Options -Indexes
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+ Header append Vary User-Agent env=!dont-vary
+ </Location>
+</VirtualHost>
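Review bot: The staging vhost listens only on `*:80` with no TLS counterpart, so if staging uses the Crowd login configured in group_vars, user credentials and session cookies cross the network in cleartext. Consider mirroring the production layout (redirect on 80, application on 443) for staging as well. The `ssl-unclean-shutdown` flag on the `SetEnvIf` line has no effect in a non-SSL vhost and can be dropped here.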
diff --git a/ansible/roles/status/templates/apache_website.conf b/ansible/roles/status/templates/apache_website.conf
new file mode 100644
index 0000000..c6e763e
--- /dev/null
+++ b/ansible/roles/status/templates/apache_website.conf
@@ -0,0 +1,8 @@
+WSGIRestrictEmbedded On
+WSGILazyInitialization On
+
+{% if role == 'staging' %}
+{% extends "apache_staging.conf" %}
+{% else %}
+{% extends "apache_production.conf" %}
+{% endif %}
diff --git a/ansible/roles/status/templates/roadmap.wsgi b/ansible/roles/status/templates/roadmap.wsgi
new file mode 100644
index 0000000..dde7fd5
--- /dev/null
+++ b/ansible/roles/status/templates/roadmap.wsgi
@@ -0,0 +1,21 @@
+import os
+import sys
+import site
+
+# Add the site-packages of the chosen virtualenv to work with
+site.addsitedir('{{ install_base }}/virtualenv/{{ install_dir }}/'
+ 'local/lib/python2.7/site-packages')
+
+# Add the app's directory to the PYTHONPATH
+sys.path.append('{{ install_base }}/{{ install_dir }}/')
+sys.path.append('{{ install_base }}/{{ install_dir }}/linaroroadmap/')
+
+os.environ['DJANGO_SETTINGS_MODULE'] = 'linaroroadmap.settings'
+
+# Activate your virtual env
+activate_env = os.path.expanduser(
+ "{{ install_base }}/virtualenv/{{ install_dir }}/bin/activate_this.py")
+execfile(activate_env, dict(__file__=activate_env))
+
+import django.core.handlers.wsgi
+application = django.core.handlers.wsgi.WSGIHandler()
diff --git a/ansible/roles/status/templates/roadmap_update_cron.sh b/ansible/roles/status/templates/roadmap_update_cron.sh
new file mode 100644
index 0000000..b4fdf7d
--- /dev/null
+++ b/ansible/roles/status/templates/roadmap_update_cron.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright (C) 2013, 2014 Linaro
+#
+# This file is part of roadmap.
+#
+# roadmap is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# roadmap is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with roadmap. If not, see <http://www.gnu.org/licenses/>.
+
+export WORKON_HOME={{install_base }}/virtualenv
+source /usr/local/bin/virtualenvwrapper.sh
+
+workon {{ install_dir }}
+
+cd /srv/{{ install_dir }}
+
+{% if role == 'staging' %}
+./manage.py roadmap_import --debug
+./manage.py burndown_snapshot --debug
+{% else %}
+./manage.py roadmap_import
+./manage.py burndown_snapshot
+{% endif %}
\ No newline at end of file
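Review bot: `cd /srv/{{ install_dir }}` hard-codes `/srv` while `WORKON_HOME` and the playbook use `{{ install_base }}`, and its result is not checked. If `workon` or `cd` fails, both `manage.py` commands still run, from the wrong directory or outside the virtualenv. Use `cd {{ install_base }}/{{ install_dir }} || exit 1` and check `workon` the same way, `workon {{ install_dir }} || exit 1`.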
diff --git a/ansible/secrets.yml b/ansible/secrets.yml
new file mode 100644
index 0000000..31f12ca
--- /dev/null
+++ b/ansible/secrets.yml
@@ -0,0 +1,5 @@
+# Secrets the user need to insert.
+crowd_app_name:
+crowd_app_password:
+jira_username:
+jira_password:
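Review bot: Committing `secrets.yml` as a tracked file that users must fill in makes it easy for real Crowd and Jira credentials to be committed later by accident. Ship it as a template (e.g. `secrets.yml.example`) with the real file listed in `.gitignore`, or keep the real values encrypted with ansible-vault. The bare `key:` entries also parse as null, so a run with the file left unfilled would render null values into local_settings.py instead of failing; explicit placeholders such as `crowd_app_name: "CHANGE_ME"` make that state visible.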
diff --git a/ansible/site.yml b/ansible/site.yml
new file mode 100644
index 0000000..98e5f36
--- /dev/null
+++ b/ansible/site.yml
@@ -0,0 +1,11 @@
+# Install everything.
+
+- hosts: all
+ gather_facts: no
+ sudo: yes
+ roles:
+ - common
+ - status
+ vars_files:
+ - secrets.yml
+ \ No newline at end of file
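Review bot: Play-level `sudo: yes` makes every task run as root, including the git clone, the `pip` requirements install and the `django_manage` commands, all of which execute project or third-party code. Keep root for the package, Apache and cron tasks and run the application steps as a dedicated unprivileged deploy account with a per-task `sudo_user`. That also removes most of the need for the recursive ownership fixes in the status role.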
diff --git a/bin/roadmap_update.sh b/bin/roadmap_update.sh
index f05691c..06bef13 100755
--- a/bin/roadmap_update.sh
+++ b/bin/roadmap_update.sh
@@ -18,7 +18,10 @@
export WORKON_HOME=/srv/virtualenv
source /usr/local/bin/virtualenvwrapper.sh
+
workon roadmap
+
cd /srv/production_roadmap
+
./manage.py roadmap_import --debug
./manage.py burndown_snapshot --debug