##
# HubDrop Server
#
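---
# Provisions the HubDrop web server: base packages, the HubDrop app and its
# service account, the Apache virtual host, and a Jenkins instance with jobs.
- hosts: webserver
  # Connects as root, so every task below runs with full privileges.
  user: root
  vars_files:
    - vars.yml

  tasks:
    - name: Setup | Set hostname.
      hostname:
        name: "{{ server_hostname }}"

    - name: Setup | Message of the day.
      template:
        src: templates/motd.j2
        dest: /etc/update-motd.d/95-ansible
        # Quoted with a leading zero so the mode is always read as octal.
        mode: "0755"

    - name: Set timezone variables
      copy:
        content: 'America/New_York'
        dest: /etc/timezone
        owner: root
        group: root
        mode: "0644"
        backup: true
      notify:
        - update timezone

    # The original list named apache2 twice; the duplicate is dropped.
    - name: Setup | Install required packages.
      apt:
        pkg: "{{ item }}"
        state: present
      with_items:
        - php5
        - apache2
        - php-apc
        - php5-xmlrpc
        - php5-curl
        - php5-gd
        - sendmail
        - vim
        - git
        - acl
        - python-pycurl

    ##
    # HubDrop App
    #
    - name: HubDrop | Create HubDrop User
      user:
        name: hubdrop
        shell: /bin/bash
        groups: www-data
        append: true
        home: /var/hubdrop
        generate_ssh_key: true
        uid: 1010

    # 0600 keeps the SSH client config readable by the hubdrop user only.
    - name: HubDrop | Save SSH config file.
      template:
        src: templates/ssh-config.j2
        dest: /var/hubdrop/.ssh/config
        owner: hubdrop
        group: hubdrop
        mode: "0600"

    # NOTE(review): app_repo and app_version are set outside this file.
    # Confirm app_version is a tag or commit rather than a moving branch, so
    # the deployed code is the code that was reviewed.
    - name: HubDrop | Clone app source code.
      git:
        repo: "{{ app_repo }}"
        dest: "{{ app_root }}"
        version: "{{ app_version }}"

    - name: HubDrop | Grant ownership of app source code to hubdrop user.
      file:
        path: "{{ app_root }}"
        owner: hubdrop
        group: hubdrop
        recurse: true
        state: directory

    # NOTE(review): this makes the front controller writable by the web
    # server account, so a compromised PHP process could rewrite its own
    # entry point. Confirm www-data needs ownership, not just read access.
    - name: HubDrop | Grant ownership of app.php to www-data
      file:
        path: "{{ app_root }}/web/app.php"
        owner: www-data
        group: hubdrop

    # NOTE(review): mode 0774 on this and the next two directories leaves
    # them listable by every local user; 0770 would limit access to hubdrop
    # and www-data. Confirm nothing else relies on the read bit.
    - name: HubDrop | Create repos folder
      file:
        path: /var/hubdrop/repos
        owner: hubdrop
        group: www-data
        state: directory
        mode: "0774"

    - name: HubDrop | Create cache folder
      file:
        path: "{{ app_root }}/app/cache"
        owner: hubdrop
        group: www-data
        state: directory
        mode: "0774"

    - name: HubDrop | Create logs folder
      file:
        path: "{{ app_root }}/app/logs"
        owner: hubdrop
        group: www-data
        state: directory
        mode: "0774"

    # The two setfacl calls were originally two `command:` keys on a single
    # task. Most YAML parsers keep only the last duplicate key, so the first
    # call (ACLs on existing files) was silently skipped. They are now
    # separate tasks so both run.
    - name: HubDrop | Setup ACL for logs and cache.
      command: >-
        setfacl -R -m u:www-data:rwX -m u:hubdrop:rwX
        {{ app_root }}/app/cache {{ app_root }}/app/logs

    - name: HubDrop | Setup default ACL for logs and cache.
      command: >-
        setfacl -dR -m u:www-data:rwx -m u:hubdrop:rwx
        {{ app_root }}/app/cache {{ app_root }}/app/logs

    - name: HubDrop | Set up `hubdrop` executable
      template:
        src: templates/usr-bin-hubdrop.j2
        dest: /usr/bin/hubdrop
        mode: "0755"

    - name: HubDrop | Set up `hubdrop-jenkins` executable
      template:
        src: templates/usr-bin-hubdrop-jenkins.j2
        dest: /usr/bin/hubdrop-jenkins
        mode: "0755"

    # NOTE(review): /etc/profile.d files are world-readable (0644) and are
    # sourced by every login shell. Confirm the template holds no secrets.
    - name: HubDrop | Set global environment variables
      template:
        src: templates/etc-profile-d-hubdrop-environment.sh.j2
        dest: /etc/profile.d/hubdrop-environment.sh
        mode: "0644"

    ##
    # APACHE
    #
    - name: Apache | Enable rewrite and vhost_alias modules.
      command: a2enmod rewrite vhost_alias

    # @TODO: Should we just remove it to speed up provisioning?
    # NOTE(review): the task only runs when the `removes` path exists. If the
    # distribution names the enabled link differently, this is skipped and
    # the default site stays enabled. Verify the path on the target release.
    - name: Apache | Disable the default site.
      command: a2dissite default
      args:
        removes: /etc/apache2/sites-enabled/default.conf

    - name: Apache | Save virtualhost configuration file.
      template:
        src: templates/apache-vhost.j2
        dest: "/etc/apache2/sites-available/{{ server_hostname }}"

    # @TODO: Should we just create the symlink ourselves to speed up provisioning?
    - name: Apache | Enable hubdrop.org site.
      command: a2ensite {{ server_hostname }}
      notify:
        - restart apache

    - name: Apache | Add www-data to hubdrop group
      user:
        name: www-data
        groups: hubdrop
        append: true

    ##
    # JENKINS
    #
    # The repository below is served over plain HTTP, so this signing key is
    # the only thing that authenticates Jenkins packages. The original set
    # validate_certs=no, which let anyone on the network path substitute the
    # key. Certificate validation is therefore left on.
    - name: Jenkins | Add apt key
      apt_key:
        url: 'https://jenkins-ci.org/debian/jenkins-ci.org.key'
        state: present
        validate_certs: true

    - name: Jenkins | Add apt repo
      apt_repository:
        repo: 'deb http://pkg.jenkins-ci.org/debian binary/'
        state: present

    - name: Jenkins | Install jenkins apt package
      apt:
        pkg: "{{ item }}"
        state: present
      with_items:
        - jenkins

    - name: Jenkins | Create jobs directory.
      file:
        path: /var/lib/jenkins/jobs
        owner: jenkins
        group: jenkins
        recurse: true
        state: directory

    # jenkins_jobs is passed as a template expression; a bare variable name
    # in with_items is not expanded by current Ansible releases.
    - name: Jenkins | Setup jenkins jobs folders.
      file:
        path: "/var/lib/jenkins/jobs/{{ item }}"
        owner: jenkins
        group: jenkins
        recurse: true
        state: directory
      with_items: "{{ jenkins_jobs }}"

    - name: Jenkins | Setup jenkins jobs.
      template:
        src: "templates/jenkins-{{ item }}-config.xml.j2"
        dest: "/var/lib/jenkins/jobs/{{ item }}/config.xml"
        mode: "0644"
      with_items: "{{ jenkins_jobs }}"
      notify:
        - restart jenkins

    # NOTE(review): written world-readable (0644). If the template carries
    # credentials or tokens for the Jenkins CLI, tighten the mode and set an
    # explicit owner.
    - name: Jenkins | Setup jenkins cli conf.
      template:
        src: templates/etc-jenkins-cli.conf.j2
        dest: /etc/jenkins/cli.conf
        mode: "0644"

    # `validate` runs visudo against the rendered file before it is moved
    # into place, so a syntax error cannot break sudo on the host.
    # NOTE(review): the template is not shown here. Confirm it grants the
    # jenkins user only the specific commands it needs.
    - name: Jenkins | Setup jenkins sudo perms.
      template:
        src: templates/etc-sudoers-d-jenkins.j2
        dest: /etc/sudoers.d/jenkins
        owner: root
        group: root
        mode: "0440"
        validate: 'visudo -cf %s'

    # @TODO Setup github authorization by running hubdrop:github
    - name: ensure apache is running
      service:
        name: apache2
        state: started

  # Handlers run only when a task that notifies them reports a change.
  handlers:
    - name: restart apache
      service:
        name: apache2
        state: restarted

    - name: restart jenkins
      service:
        name: jenkins
        state: restarted

    - name: update timezone
      command: dpkg-reconfigure --frontend noninteractive tzdata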