
Add playbook for deploying live demos on demo.recordsansible.org

This deploys api.demo.recordsansible.org as well as
web.demo.recordsansible.org using the Ansible roles from ara.

The only part not yet automated is the letsencrypt certificate
generation.

Change-Id: I6b436d3be32105fdf9d661d042bfb3d40e5e39a6
Depends-On: https://review.openstack.org/#/c/641859/
dmsimard committed Mar 7, 2019
1 parent 5592862 commit a797094b61d3dd5f7ccb25849499489ed40cafea
@@ -0,0 +1,10 @@
[defaults]
forks = 25
gathering = smart
fact_caching = jsonfile
fact_caching_connection = /tmp/
fact_caching_timeout = 3600
inventory = hosts

[ssh_connection]
pipelining = True
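Review bot: `fact_caching_connection = /tmp/` writes the jsonfile fact cache straight into a world-writable directory, one file per inventory host, so any other local user on the control machine can read the cached facts and may be able to pre-create or replace a cache file. Cached facts are trusted by later runs for up to `fact_caching_timeout = 3600` seconds, so the cache should live in a directory owned by the deploying user, for example `fact_caching_connection = ~/.ansible/fact_cache` (suggested path; adjust to the project's layout).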
@@ -0,0 +1 @@
demo.recordsansible.org ansible_host=139.178.83.37 ansible_user=fedora ansible_python_interpreter=/usr/bin/python3
@@ -0,0 +1,22 @@
- name: Provision demo.recordsansible.org
hosts: demo.recordsansible.org
gather_facts: yes
vars:
# ara_api
ara_api_fqdn: api.demo.recordsansible.org
ara_api_frontend_server: nginx
ara_api_frontend_vhost: api.demo.recordsansible.org.conf.j2
ara_api_wsgi_server: gunicorn
ara_api_allowed_hosts:
- api.demo.recordsansible.org
ara_api_cors_origin_whitelist:
- web.demo.recordsansible.org
- logs.openstack.org
# ara_web
ara_web_fqdn: web.demo.recordsansible.org
ara_web_api_endpoint: "https://api.demo.recordsansible.org"
ara_web_frontend_server: nginx
ara_web_frontend_vhost: web.demo.recordsansible.org.conf.j2
roles:
- ara_api
- ara_web
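Review bot: `gather_facts: yes` depends on YAML 1.1 truthy parsing; `gather_facts: true` is the canonical boolean and passes yamllint's `truthy` rule. The play file also lacks a leading `---` document marker. `ara_web_api_endpoint` is the only quoted value among the vars, so quoting the other hostname strings as well would keep the block uniform.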
@@ -0,0 +1,51 @@
upstream ara_api {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
server {{ ara_api_wsgi_bind }} fail_timeout=0;
}

server {
listen 80;
server_name {{ ara_api_fqdn }};
return 301 https://{{ ara_api_fqdn }}$request_uri;
}

server {
listen 443;
server_name {{ ara_api_fqdn }};
access_log /var/log/nginx/{{ ara_api_fqdn }}_access.log;
error_log /var/log/nginx/{{ ara_api_fqdn }}_error.log;

ssl on;
ssl_certificate /etc/letsencrypt/live/{{ ara_api_fqdn }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ ara_api_fqdn }}/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

# There's nothing at /, redirect it to the actual API for convenience
location / {
return 301 http://{{ ara_api_fqdn }}/api/v1/;
}

location /static {
expires 7d;
add_header Cache-Control "public";
}

# Everything, including static files, is served by the backend
location ~ {
# checks if the file exists, if not found proxy to app
try_files $uri @proxy_to_app;
}

location @proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;

proxy_redirect off;
proxy_pass http://ara_api;
}
}
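Review bot: The `location /` block inside the 443 server redirects to `http://{{ ara_api_fqdn }}/api/v1/`, so a request to the HTTPS root takes one plaintext hop before the port-80 server sends it back to HTTPS; the target should be `return 301 https://{{ ara_api_fqdn }}/api/v1/;`. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers TLS 1.0 and 1.1, which are deprecated; `ssl_protocols TLSv1.2;` is sufficient for current clients, with TLSv1.3 added where the nginx/OpenSSL build supports it. `listen 443;` together with `ssl on;` is the deprecated spelling of `listen 443 ssl;`. The same `ssl_protocols` and `ssl on;` lines appear in the web vhost template in the next hunk.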
@@ -0,0 +1,46 @@
{% if ara_web_dev_server %}
upstream ara_web {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
server {{ ara_web_dev_server_bind_address }}:{{ ara_web_dev_server_bind_port }} fail_timeout=0;
}
{% endif %}

server {
listen 80;
server_name {{ ara_web_fqdn }};
return 301 https://{{ ara_web_fqdn }}$request_uri;
}

server {
listen 443;
server_name {{ ara_web_fqdn }};
root {{ ara_web_static_dir }};
access_log /var/log/nginx/{{ ara_web_fqdn }}_access.log;
error_log /var/log/nginx/{{ ara_web_fqdn }}_error.log;

ssl on;
ssl_certificate /etc/letsencrypt/live/{{ ara_web_fqdn }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ ara_web_fqdn }}/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

{% if ara_web_dev_server %}
location ~ {
# checks for static file, if not found proxy to server
try_files $uri @proxy_to_app;
}

location @proxy_to_app {
# Redefine the header fields that NGINX sends to the upstream server
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Define the location of the proxy server to send the request to
proxy_pass http://ara_web;
}
{% endif %}
}
