22 files changed, 327 insertions, 0 deletions
diff --git a/ansible/README b/ansible/README
new file mode 100644
index 0000000..ccb0130
--- /dev/null
+++ b/ansible/README
@@ -0,0 +1,10 @@
+To run the configuration, it is necessary to fill in the secrets.yml file
+with the correct user names and passwords for the service used.
+
+The secrets.yml file contains variables for:
+ - Crowd user name and password
+ - Jira user name and password
+
+ Those values are necessary for the local_settings.py file to run the
+ application.
+
\ No newline at end of file
diff --git a/ansible/group_vars/all b/ansible/group_vars/all
new file mode 100644
index 0000000..8a32cd0
--- /dev/null
+++ b/ansible/group_vars/all
@@ -0,0 +1,7 @@
+# Common variables.
+install_base: /srv
+roadmap_repo: http://git.linaro.org/git/infrastructure/roadmap.git
+apache_user: www-data
+crowd_url: https://login.linaro.org:8443/crowd/rest
+jira_server: https://cards.linaro.org
+jira_sfid: 10301
diff --git a/ansible/hosts b/ansible/hosts
new file mode 100644
index 0000000..dd5fb49
--- /dev/null
+++ b/ansible/hosts
@@ -0,0 +1,3 @@
+[all]
+staging.status.linaro.org ansible_ssh_user=ubuntu role=staging install_dir=staging.status.linaro.org
+status.linaro.org ansible_ssh_user=ubuntu role=production install_dir=status.linaro.org
diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml
new file mode 100644
index 0000000..7ec48c2
--- /dev/null
+++ b/ansible/roles/common/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: restart-apache
+ service: name=apache2 state=restarted
+
+- name: stop-apache
+ service: name=apache2 state=stopped
+
+- name: reload-apache
+ service: name=apache2 state=reloaded
diff --git a/ansible/roles/common/tasks/apache.yml b/ansible/roles/common/tasks/apache.yml
new file mode 100644
index 0000000..8f05d84
--- /dev/null
+++ b/ansible/roles/common/tasks/apache.yml
@@ -0,0 +1,18 @@
+# Enables necessary Apache modules and disables websites.
+- name: enable-modules
+ command: a2enmod {{ item }}
+ with_items:
+ - wsgi
+ - headers
+ - expires
+ notify: restart-apache
+
+- name: disable-sites
+ command: a2dissite {{ item }}
+ with_items:
+ - default
+ notify: restart-apache
+
+# Make sure the web server is running.
+- name: apache2-started
+ service: name=apache2 state=started enabled=yes
diff --git a/ansible/roles/common/tasks/install_deps.yml b/ansible/roles/common/tasks/install_deps.yml
new file mode 100644
index 0000000..775f4bf
--- /dev/null
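Review bot: `roadmap_repo` in group_vars/all uses a plain `http://` URL, so the code that clone_code.yml checks out and that later runs under Apache is fetched without server authentication or transport integrity. If the Git server offers it, switch the scheme to `https://` (or use an ssh URL), as `crowd_url` and `jira_server` in the same file already do. Passing a fixed `version=` to the `git` task would additionally make each deployment reproducible and reviewable.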
+++ b/ansible/roles/common/tasks/install_deps.yml
@@ -0,0 +1,15 @@
+# Install all dependencies required by roadmap.
+- name: install-os-deps
+ apt: name={{ item }}
+ with_items:
+ - apache2
+ - libapache2-mod-wsgi
+ - git
+ - python-pip
+ - python-tz
+
+# PIP installation if necessary.
+- name: install-pip-deps
+ pip: name={{ item }}
+ with_items:
+ - virtualenvwrapper
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..1aa5b62
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,3 @@
+# Common tasks for all instances (production and staging).
+- include: install_deps.yml
+- include: apache.yml
diff --git a/ansible/roles/status/tasks/apache_conf.yml b/ansible/roles/status/tasks/apache_conf.yml
new file mode 100644
index 0000000..1c9e797
--- /dev/null
+++ b/ansible/roles/status/tasks/apache_conf.yml
@@ -0,0 +1,11 @@
+- name: apache-website-conf
+ template: src=apache_website.conf dest=/etc/apache2/sites-available/{{ install_dir }} owner=root group=root mode=0644
+ tags:
+ - apache-conf
+ notify: reload-apache
+
+- name: apache-website-enable
+ command: a2ensite {{ install_dir }}
+ notify: reload-apache
+ tags:
+ - apache-enable
diff --git a/ansible/roles/status/tasks/clone_code.yml b/ansible/roles/status/tasks/clone_code.yml
new file mode 100644
index 0000000..c64cdc8
--- /dev/null
+++ b/ansible/roles/status/tasks/clone_code.yml
@@ -0,0 +1,6 @@
+# Clone roadmap/status code and fix files and dirs permission.
+- name: clone-roadmap
+ git: name={{ roadmap_repo }} dest={{ install_base }}/{{ install_dir }}
+
+- name: fix-repo-owner
+ file: path={{ install_base}}/{{ install_dir }} recurse=yes owner={{ apache_user }} group={{ apache_user }}
diff --git a/ansible/roles/status/tasks/cronjobs.yml b/ansible/roles/status/tasks/cronjobs.yml
new file mode 100644
index 0000000..e650270
--- /dev/null
+++ b/ansible/roles/status/tasks/cronjobs.yml
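Review bot: `fix-repo-owner` in clone_code.yml recursively hands the whole checkout to `{{ apache_user }}`, so the account the web application runs as can rewrite its own code. The same pattern recurs in install_roadmap.yml (`fix-virtualenv-ownership`, `fix-roadmap-install-ownership`), in wsgi.yml (the WSGI script is owned by the Apache user with `mode=0744`) and in cronjobs.yml (`mode=0770`). A tighter layout keeps the code, the virtualenv and the WSGI script owned by root or a deploy user and only readable by the Apache group, and gives `{{ apache_user }}` write access to `/var/log/roadmap` and whatever data directory the application actually needs. That limits what a compromised request handler can persist on the host.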
@@ -0,0 +1,10 @@
+# Install necessary cronjobs.
+- name: copy-update-script
+ template: src=roadmap_update_cron.sh dest={{ install_base }}/{{ install_dir }}/bin/roadmap_update_cron.sh owner={{ apache_user }} group={{ apache_user }} mode=0770
+ tags:
+ - cronjob
+
+- name: install-update-cronjob
+ cron: name='Update cards' cron_file={{ install_dir }} state=present user={{ apache_user }} job={{ install_base }}/{{ install_dir }}/bin/roadmap_update_cron.sh minute=0 hour=0
+ tags:
+ - cronjob
diff --git a/ansible/roles/status/tasks/install_roadmap.yml b/ansible/roles/status/tasks/install_roadmap.yml
new file mode 100644
index 0000000..d998683
--- /dev/null
+++ b/ansible/roles/status/tasks/install_roadmap.yml
@@ -0,0 +1,35 @@
+# Install roadmap via virtualenv.
+- name: roadmap-log-directory
+ file: path=/var/log/roadmap state=directory owner={{ apache_user }} group={{apache_user }}
+
+- name: create-virtualenv
+ command: virtualenv --system-site-packages {{ install_base }}/virtualenv/{{ install_dir }}
+
+- name: install-requirements
+ pip: virtualenv={{ install_base }}/virtualenv/{{ install_dir }} requirements={{ install_base }}/{{ install_dir }}/requirements.txt
+
+# Roadmap installation steps.
+- name: roadmap-django-syncdb
+ django_manage: command=syncdb virtualenv={{ install_base }}/virtualenv/{{ install_dir }} app_path={{install_base }}/{{ install_dir }}
+
+- name: roadmap-django-migrate
+ django_manage: command=migrate virtualenv={{ install_base }}/virtualenv/{{ install_dir }} app_path={{install_base }}/{{ install_dir }}
+
+- name: roadmap-static-files
+ file: state=directory src={{ install_base }}/{{ install_dir }}/roadmap/static dest=/var/www/{{ install_dir }}/static/
+
+- name: roadmap-django-collectstatic
+ django_manage: command=collectstatic virtualenv={{ install_base }}/virtualenv/{{ install_dir }} app_path={{install_base }}/{{ install_dir }}
+
+# Make sure everything can be accessed by the Apache user.
+- name: fix-virtualenv-ownership
+ file: path={{ install_base }}/virtualenv recurse=yes owner={{ apache_user }} group={{ apache_user }}
+
+- name: fix-roadmap-install-ownership
+ file: path={{ install_base }}/{{ install_dir }} owner={{ apache_user }} group={{ apache_user }} recurse=yes
+
+- name: fix-roadmap-static-ownership
+ file: path=/var/www/{{ install_dir }} recurse=yes owner={{ apache_user }} group={{ apache_user }}
+
+- name: fix-roadmap-log-ownership
+ file: path=/var/log/roadmap recurse=yes owner={{ apache_user }} group={{ apache_user }}
diff --git a/ansible/roles/status/tasks/local_settings.yml b/ansible/roles/status/tasks/local_settings.yml
new file mode 100644
index 0000000..9790836
--- /dev/null
+++ b/ansible/roles/status/tasks/local_settings.yml
@@ -0,0 +1,6 @@
+# Create the local_settings file and fix its ownership.
+- name: local-settings
+ template: src=local_settings.py dest={{ install_base }}/{{ install_dir }}/linaroroadmap
+
+- name: fix-local-settings-ownership
+ file: path={{ install_base }}/{{ install_dir }}/linaroroadmap/local_settings.py owner={{ apache_user }} group={{ apache_user }}
diff --git a/ansible/roles/status/tasks/main.yml b/ansible/roles/status/tasks/main.yml
new file mode 100644
index 0000000..26bdebe
--- /dev/null
+++ b/ansible/roles/status/tasks/main.yml
@@ -0,0 +1,6 @@
+- include: clone_code.yml
+- include: local_settings.yml
+- include: install_roadmap.yml
+- include: wsgi.yml
+- include: apache_conf.yml
+- include: cronjobs.yml
diff --git a/ansible/roles/status/tasks/wsgi.yml b/ansible/roles/status/tasks/wsgi.yml
new file mode 100644
index 0000000..dd52c0d
--- /dev/null
+++ b/ansible/roles/status/tasks/wsgi.yml
@@ -0,0 +1,6 @@
+# Install the correct WSGI script.
+- name: install-wsgi
+ template: src=roadmap.wsgi dest={{ install_base }}/{{ install_dir }}/{{ install_dir }}.wsgi owner={{ apache_user }} group={{ apache_user }} mode=0744
+ tags:
+ - wsgi
+ notify: restart-apache
diff --git a/ansible/roles/status/templates/apache_production.conf b/ansible/roles/status/templates/apache_production.conf
new file mode 100644
index 0000000..bc3aa7e
--- /dev/null
+++ b/ansible/roles/status/templates/apache_production.conf
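Review bot: The `local-settings` task in local_settings.yml renders `local_settings.py` without `owner`, `group` or `mode`, so the file that (per the README) receives the Crowd and Jira credentials is created with default permissions, which are typically world-readable, and the follow-up task only changes its owner. Set the permissions in the template task itself so there is no window between the two steps, for example by appending `owner=root group={{ apache_user }} mode=0640` to the `template:` line. Be aware that `fix-roadmap-install-ownership` in install_roadmap.yml runs later and recursively re-owns this path, so the two need to agree.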
@@ -0,0 +1,56 @@
+<VirtualHost *:80>
+ ServerName {{ install_dir }}
+ ServerAdmin webmaster@linaro.org
+
+ Redirect permanent / https://{{ install_dir }}
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName {{ install_dir }}
+ ServerAdmin webmaster@linaro.org
+
+ CustomLog ${APACHE_LOG_DIR}/{{ install_dir }}-access.log combined
+ ErrorLog ${APACHE_LOG_DIR}/{{ install_dir }}-error.log
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/{{ install_dir }}.crt
+ SSLCertificateKeyFile /etc/ssl/certs/{{ install_dir }}.key
+ SSLCACertificateFile /etc/ssl/certs/gd_bundle.crt
+
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+ #DocumentRoot /var/www/{{ install_dir }}
+ WSGIScriptAlias / {{ install_base }}/{{ install_dir }}/{{ install_dir }}.wsgi
+
+ ExpiresActive On
+ ExpiresDefault "access plus 300 seconds"
+
+ ExpiresByType text/css "access plus 1 month"
+ ExpiresByType text/javascript "access plus 1 month"
+ ExpiresByType image/png "access plus 1 month"
+ ExpiresByType image/jpg "access plus 1 month"
+ ExpiresByType image/jpeg "access plus 1 month"
+ ExpiresByType image/x-icon "access plus 1 month"
+
+ Header append Cache-Control "public, no-transform"
+
+ <FilesMatch "\.(html|htm)$">
+ Header add Cache-Control "must-revalidate"
+ </FilesMatch>
+
+ <FilesMatch "\.(js|css)$">
+ Header add Cache-Control "max-age=604800"
+ </FilesMatch>
+
+ Alias /static/ /var/www/{{ install_dir }}/static/
+ <Location "/static/">
+ Options -Indexes
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+ Header append Vary User-Agent env=!dont-vary
+ </Location>
+</VirtualHost>
diff --git a/ansible/roles/status/templates/apache_staging.conf b/ansible/roles/status/templates/apache_staging.conf
new file mode 100644
index 0000000..68e1995
--- /dev/null
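Review bot: `SSLCertificateKeyFile /etc/ssl/certs/{{ install_dir }}.key` in apache_production.conf puts the private key in the certificate directory, which is normally world-readable, and nothing in this playbook installs the key or sets its mode. Prefer a root-only location such as `SSLCertificateKeyFile /etc/ssl/private/{{ install_dir }}.key`, and state in the README how the key is provisioned and with which permissions. The vhost relies on `SSLEngine`, yet `enable-modules` in apache.yml enables only `wsgi`, `headers` and `expires`, so `ssl` should probably be added to that list. No `SSLProtocol` or `SSLCipherSuite` is set either, so the site inherits the distribution defaults, which is worth confirming.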
+++ b/ansible/roles/status/templates/apache_staging.conf
@@ -0,0 +1,47 @@
+<VirtualHost *:80>
+ ServerName {{ install_dir }}
+ ServerAdmin webmaster@linaro.org
+
+ CustomLog ${APACHE_LOG_DIR}/{{ install_dir }}-access.log combined
+ ErrorLog ${APACHE_LOG_DIR}/{{ install_dir }}-error.log
+
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+ #DocumentRoot /var/www/{{ install_dir }}
+
+ WSGIDaemonProcess {{ install_dir }} maximum-requests=10000
+ WSGIProcessGroup {{ install_dir }}
+ WSGIScriptAlias / {{ install_base }}/{{ install_dir }}/{{ install_dir }}.wsgi
+
+ ExpiresActive On
+ ExpiresDefault "access plus 300 seconds"
+
+ ExpiresByType text/css "access plus 1 month"
+ ExpiresByType text/javascript "access plus 1 month"
+ ExpiresByType image/png "access plus 1 month"
+ ExpiresByType image/jpg "access plus 1 month"
+ ExpiresByType image/jpeg "access plus 1 month"
+ ExpiresByType image/x-icon "access plus 1 month"
+
+ Header append Cache-Control "public, no-transform"
+
+ <FilesMatch "\.(html|htm)$">
+ Header add Cache-Control "must-revalidate"
+ </FilesMatch>
+
+ <FilesMatch "\.(js|css)$">
+ Header add Cache-Control "max-age=604800"
+ </FilesMatch>
+
+ Alias /static/ /var/www/{{ install_dir }}/static/
+ <Location "/static/">
+ Options -Indexes
+ SetOutputFilter DEFLATE
+
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+ Header append Vary User-Agent env=!dont-vary
+ </Location>
+</VirtualHost>
diff --git a/ansible/roles/status/templates/apache_website.conf b/ansible/roles/status/templates/apache_website.conf
new file mode 100644
index 0000000..c6e763e
--- /dev/null
+++ b/ansible/roles/status/templates/apache_website.conf
@@ -0,0 +1,8 @@
+WSGIRestrictEmbedded On
+WSGILazyInitialization On
+
+{% if role == 'staging' %}
+{% extends "apache_staging.conf" %}
+{% else %}
+{% extends "apache_production.conf" %}
+{% endif %}
diff --git a/ansible/roles/status/templates/roadmap.wsgi b/ansible/roles/status/templates/roadmap.wsgi
new file mode 100644
index 0000000..dde7fd5
--- /dev/null
+++ b/ansible/roles/status/templates/roadmap.wsgi
@@ -0,0 +1,21 @@
+import os
+import sys
+import site
+
+# Add the site-packages of the chosen virtualenv to work with
+site.addsitedir('{{ install_base }}/virtualenv/{{ install_dir }}/'
+ 'local/lib/python2.7/site-packages')
+
+# Add the app's directory to the PYTHONPATH
+sys.path.append('{{ install_base }}/{{ install_dir }}/')
+sys.path.append('{{ install_base }}/{{ install_dir }}/linaroroadmap/')
+
+os.environ['DJANGO_SETTINGS_MODULE'] = 'linaroroadmap.settings'
+
+# Activate your virtual env
+activate_env = os.path.expanduser(
+ "{{ install_base }}/virtualenv/{{ install_dir }}/bin/activate_this.py")
+execfile(activate_env, dict(__file__=activate_env))
+
+import django.core.handlers.wsgi
+application = django.core.handlers.wsgi.WSGIHandler()
diff --git a/ansible/roles/status/templates/roadmap_update_cron.sh b/ansible/roles/status/templates/roadmap_update_cron.sh
new file mode 100644
index 0000000..b4fdf7d
--- /dev/null
+++ b/ansible/roles/status/templates/roadmap_update_cron.sh
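Review bot: `WSGIRestrictEmbedded On` in apache_website.conf turns off embedded mode for the whole server, but only apache_staging.conf declares `WSGIDaemonProcess` and `WSGIProcessGroup`; apache_production.conf has a bare `WSGIScriptAlias`, so the production site appears to have no process group to run in and mod_wsgi would be expected to reject its requests. Add the same pair to the production `*:443` vhost, e.g. `WSGIDaemonProcess {{ install_dir }} maximum-requests=10000` and `WSGIProcessGroup {{ install_dir }}`. Separately, Jinja2 documents `{% extends %}` as the first tag of a template, so using it inside `{% if %}` after literal output is fragile; `{% include %}` in each branch states the intent more directly, and the rendered file is worth checking on both hosts.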
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright (C) 2013, 2014 Linaro
+#
+# This file is part of roadmap.
+#
+# roadmap is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# roadmap is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with roadmap. If not, see <http://www.gnu.org/licenses/>.
+
+export WORKON_HOME={{install_base }}/virtualenv
+source /usr/local/bin/virtualenvwrapper.sh
+
+workon {{ install_dir }}
+
+cd /srv/{{ install_dir }}
+
+{% if role == 'staging' %}
+./manage.py roadmap_import --debug
+./manage.py burndown_snapshot --debug
+{% else %}
+./manage.py roadmap_import
+./manage.py burndown_snapshot
+{% endif %}
\ No newline at end of file
diff --git a/ansible/secrets.yml b/ansible/secrets.yml
new file mode 100644
index 0000000..31f12ca
--- /dev/null
+++ b/ansible/secrets.yml
@@ -0,0 +1,5 @@
+# Secrets the user need to insert.
+crowd_app_name:
+crowd_app_password:
+jira_username:
+jira_password:
diff --git a/ansible/site.yml b/ansible/site.yml
new file mode 100644
index 0000000..98e5f36
--- /dev/null
+++ b/ansible/site.yml
@@ -0,0 +1,11 @@
+# Install everything.
+
+- hosts: all
+ gather_facts: no
+ sudo: yes
+ roles:
+ - common
+ - status
+ vars_files:
+ - secrets.yml
+
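Review bot: roadmap_update_cron.sh never checks that `workon {{ install_dir }}` or the `cd` succeeded, so a missing virtualenv or directory lets the job carry on in the wrong environment instead of stopping with a clear error. Guard the steps that must succeed, e.g. `workon {{ install_dir }} || exit 1` and `cd {{ install_base }}/{{ install_dir }} || exit 1`. The second form also replaces the hard-coded `/srv` with the `install_base` variable that the rest of the role uses, so the script keeps working if that variable changes.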
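Review bot: Tracking `secrets.yml` in the repository means that whoever fills it in as the README instructs has real Crowd and Jira credentials in a versioned file, one `git add` away from being committed. Consider shipping it as a template (for example `secrets.yml.example`) with the real file ignored by Git, or encrypting it with `ansible-vault`. The bare `crowd_app_name:` style entries also load as null rather than failing, so a run with an unfilled file is not stopped here; an early task that checks each variable is defined and non-empty would catch that before local_settings.py is rendered.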
\ No newline at end of file
diff --git a/bin/roadmap_update.sh b/bin/roadmap_update.sh
index f05691c..06bef13 100755
--- a/bin/roadmap_update.sh
+++ b/bin/roadmap_update.sh
@@ -18,7 +18,10 @@ export WORKON_HOME=/srv/virtualenv source /usr/local/bin/virtualenvwrapper.sh + workon roadmap + cd /srv/production_roadmap + ./manage.py roadmap_import --debug ./manage.py burndown_snapshot --debug |