Plone Ansible playbook
Use Ansible to provision a full-stack Plone server
Before you update*: If you're using version 1.2.x, you should note that version 1.3.0+ sets up client monitors for each ZEO client.
These monitors will use the client port + 100.
haproxy will use these monitor ports as a mechanism to check ZEO client status without using an http thread.
tcpcheck variables in the documentation for plone setup if you wish to alter or turn off this feature.
Plone's Ansible Playbook can completely provision a remote server to run the full stack of Plone, including:
- Plone in a cluster configuration;
- Automatic starting and process control of the Plone cluster with supervisor;
- Load balancing of the cluster with HAProxy;
- Caching with Varnish;
- Nginx as a world-facing remote proxy and URL rewrite engine;
- An outgoing-mail-only mail server using Postfix;
- Monitoring and log analysis with munin-node and logwatch and fail2ban.
- Use of a local VirtualBox provisioned via vagrant to test and model your remote server.
An ansible playbook and roles describe the desired condition of the server. The playbook is used both for initial provisioning and for updating.
We generally support relatively current CentOS and Debian/Ubuntu environments. Versions currently supported are Ubuntu 18.04 (Bionic) LTS, 16.0.4 (Xenial) LTS, Ubuntu 15, Debian jessie, Debian stretch, and CentOS 7.
docs subdirectory or readthedocs for complete documentation.
Detailed, tutorial-style documentation with lots of real-life examples is available at the Plone Training site.
- Install a current version of Ansible (use virtualenv and pip -- not your OS package manager);
- If you wish to test locally, install Vagrant and VirtualBox;
- Check out or download a copy of the STABLE branch of this package;
ansible-galaxy install -r requirements.ymlto install required roles;
- Copy one of the
local-configure.ymland edit as needed.
- To test in a local virtual machine, run
- To deploy, create an Ansible inventory file for the remote host and run
ansible-playbook -K -i myhost.cfg playbook.yml(-K prompts for the sudo password on the remote host)
- Set a real password for your Plone instance on the target server;
- Set up appropriate firewalls.
Python required: Ansible requires that the target server have a recent Python 2.x on the server. Newer platforms (like Ubuntu Xenial and later) may not have this activated on pristine new machines.
If you get connection errors from Ansible, check the remote machine to make sure Python 2.7 is available.
which python2.7 will let you know.
If it's missing, use your package manager to install it.
On Ubuntu Xenial and Bionic (16.0.4 LTS),
sudo apt-get install -y python will do the trick.
sshpass: You may need to install
sshpass on the host machine to manage sending passwords to the remote machine over ssh.
sudo apt-get install sshpass will do the trick in the Debian universe.