setup - fixes for refactoring
superstes committed Dec 30, 2021
1 parent f46548d commit 27a3459
Showing 16 changed files with 349 additions and 286 deletions.
1 change: 1 addition & 0 deletions setup/ReadMe.md
Expand Up @@ -72,6 +72,7 @@ Just put it in the background, change what you want and bring the setup back to

Type 'yes' and press enter to start the setup tasks.

After that it will ask you for a 'BECOME password' => you need to **provide the password for a user with root privileges** on the target system!

##### Post install

283 changes: 22 additions & 261 deletions setup/pb_setup.yml
Expand Up @@ -8,291 +8,52 @@
- './vars/hardcoded.yml'
tasks:
# pre tasks
- name: Installing script dependencies
- name: GA | Setup | Installing script dependencies
ansible.builtin.apt:
name: "{{ ga_script_packages }}"
state: present

- name: Checking if password file exists
- name: GA | Setup | Checking if password file exists
ansible.builtin.stat:
path: "{{ ga_random_pwd_file }}"
register: random_pwd_file

- name: Generating passwords
ansible.builtin.block:
- name: Writing web-user heading to file
ansible.builtin.lineinfile:
line: "# database-users:"
path: "{{ ga_random_pwd_file }}"
state: present

- name: Writing sql-core password to file
ansible.builtin.lineinfile:
line: "{{ ga_sql_user_core }}={{ ga_sql_pwd_core }}"
path: "{{ ga_random_pwd_file }}"
insertafter: #\database-users:"
create: yes
state: present
mode: 0600
no_log: true

- name: Writing sql-web password to file
ansible.builtin.lineinfile:
line: "{{ ga_sql_user_web }}={{ ga_sql_pwd_web }}"
path: "{{ ga_random_pwd_file }}"
insertafter: #\database-users:"
state: present
no_log: true

- name: Writing web-user heading to file
ansible.builtin.lineinfile:
line: "# web-users:"
path: "{{ ga_random_pwd_file }}"
state: present

- name: Writing web-admin password to file
ansible.builtin.lineinfile:
line: "admin={{ ga_sql_pwd_web }}"
path: "{{ ga_random_pwd_file }}"
state: present
insertafter: #\sweb-users:"
no_log: true

- name: Writing web-user passwords to file
ansible.builtin.lineinfile:
line: "{{ item.name }}={{ item.pwd }}"
path: "{{ ga_random_pwd_file }}"
state: present
insertafter: #\sweb-users:"
no_log: true
with_items: "{{ ga_web_users }}"

- name: GA | Setup | Generating passwords
ansible.builtin.import_role:
name: setup
tasks_from: 'write_pwds.yml'
when: not random_pwd_file.stat.exists

- name: Pulling existing passwords
ansible.builtin.block:
- name: Getting sql-core password
ansible.builtin.shell: "cat {{ ga_random_pwd_file | quote }} | grep {{ ga_sql_user_core | quote }}"
register: raw_core_pwd
when: ga_sql_pwd_core == ga_sql_pwd_random_key
no_log: true
changed_when: False

- name: Setting sql-core password
ansible.builtin.set_fact:
ga_sql_pwd_core: "{{ raw_core_pwd.stdout.split('=', 1)[1] }}"
no_log: true
when: ga_sql_pwd_core == ga_sql_pwd_random_key

- name: Getting sql-web password
ansible.builtin.shell: "cat {{ ga_random_pwd_file | quote }} | grep {{ ga_sql_user_web | quote }}"
register: raw_web_pwd
when: ga_sql_pwd_web == ga_sql_pwd_random_key
no_log: true
changed_when: False

- name: Setting sql-web password
ansible.builtin.set_fact:
ga_sql_pwd_web: "{{ raw_web_pwd.stdout.split('=', 1)[1] }}"
no_log: true
when: ga_sql_pwd_web == ga_sql_pwd_random_key

# we must not pull the web-users passwords since they will not be overwritten

- name: GA | Setup | Pulling existing passwords
ansible.builtin.import_role:
name: setup
tasks_from: 'read_pwds.yml'
when: random_pwd_file.stat.exists

# installation
- name: GA Core
- name: GA | Setup | GA Core
ansible.builtin.import_role:
name: core
when: ga_core_install

- name: GA Web - Pre tasks
- name: GA | Setup | GA Web - Pre tasks
ansible.builtin.import_role:
name: web
when: ga_web_install

# database setup
- name: GA Web - Database
- name: GA | Setup | Database setup tasks
ansible.builtin.import_role:
name: ansibleguy.infra_django_apache
vars:
django:
sites:
ga:
python_version: '3.9'
path_venv: "{{ ga_web_path_venv }}"
path_code: "{{ ga_web_path }}"
project: "base"
static_url: 'static'
serve:
path: "{{ ga_web_path_static }}"
name: setup
tasks_from: 'setup_database.yml'

user: "{{ ga_web_service_user }}"
group: "{{ ga_service_group }}"
admin: "{{ ga_web_ssl_letsencrypt_mail }}"
port_plain: "{{ ga_web_port_http }}"
port_ssl: "{{ ga_web_port_https }}"
domain: "{{ ga_web_dns }}"
aliases: "{{ ga_web_alias }}"
ssl:
mode: "{{ ga_web_ssl_mode }}"
cert:
cn: 'GrowAutomation Certificate'
org: 'GrowAutomation'
country: 'AT'
state: 'Styria'
ca:
cn: 'GrowAutomation CA'
org: 'GrowAutomation'
country: 'AT'
state: 'Styria'
letsencrypt:
email: "{{ ga_web_ssl_letsencrypt_mail }}"
env_pythonpath: ["{{ ga_core_path }}"]
migration_pre_tasks: ['systemctl stop ga_core.service']
migration_post_tasks: ['systemctl start ga_core.service']
python_modules:
present: "{{ ga_django_mods }}"
database:
manage: "{{ ga_sql_install }}"
host: "{{ ga_sql_server }}"
db: "{{ ga_sql_db }}"
user: "{{ ga_sql_user_web }}"
pwd: "{{ ga_sql_pwd_web }}"
config: "{{ ga_update_path_web }}/{{ ga_sql_config }}"
config_mode: "0640"
backup: true
sync_code:
enabled: true
src: "{{ ga_setup_clone_dir }}/code/web/base/"
dst: "{{ ga_web_path }}"
static_src: "{{ ga_web_path }}/static/"
static_dst: "{{ ga_web_path_static }}"
when: ga_web_install

- name: GA Core - Database
community.mysql.mysql_user:
name: "{{ ga_sql_user_core }}"
password: "{{ ga_sql_pwd_core }}"
priv: "{{ ga_sql_db + '.*:ALL' }}"
login_unix_socket: "{{ ga_sql_socket }}"
no_log: true
when:
- ga_web_install
- ga_core_install

- name: GA Core Database - Preparing config
ansible.builtin.set_fact:
ga_mariadb_instance: "{{ {
'dbs': {
ga_sql_db: 'present',
},
'backup': true,
'users': {
ga_sql_user_web: {
'priv': ga_sql_db + '.*:ALL',
'pwd': ga_sql_pwd_web,
},ansible.bu
ga_sql_user_core: {
'priv': ga_sql_db + '.*:ALL',
'pwd': ga_sql_pwd_core,
},
},
'settings': {'wait_timeout': 3600},
'socket': ga_sql_socket
} }}"

- name: GA Core Database - Setting up
ansible.builtin.import_role:
name: ansibleguy.infra_mariadb
vars:
mariadb:
instances:
ga: "{{ ga_mariadb_instance }}"
when:
- not ga_web_install
- ga_core_install
- ga_sql_install

- name: GA Web - Post tasks
ansible.builtin.import_role:
name: web
tasks_from: 'init_db.yml'
when:
- ga_web_install
- ga_web_init_db
- name: GA | Setup | Starting core service
ansible.builtin.systemd:
name: 'ga_core.service'
state: started

# basic system setup
- name: Bootstrapping
- name: GA | Setup | System setup tasks
ansible.builtin.import_role:
name: ansibleguy.linux_bootstrap
vars:
configure_firewall: false # will be done explicitly
configure_users: false
configure_ssh: false # could be done as opt-in in the future (?)
# ssh_config:
# port: 22
# allow_root: false
# auth_pwd: true
# auth_pubkey: false # ?
# msg: true

configure_network: false
configure_auto_update: true
auto_update_config:
time: 'Sun 00:00'
auto_reboot: true
auto_reboot_with_users: false
auto_reboot_time: '02:00'
exclusions: []
exclude_kernel: false
logging: true
logging_verbose: true
when: ga_bootstrap

# firewall management
- name: Firewall
ansible.builtin.block:
- name: GA Web/Core - Firewall
ansible.builtin.import_role:
name: ansibleguy.infra_ufw
vars:
ufw_rules:
GrowAutomationWeb:
port: "{{ ga_web_port_http }},{{ ga_web_port_https }}"
proto: 'tcp'
GrowAutomationCore:
port: "{{ ga_core_port_socket }}"
proto: 'tcp'
log: true
when:
- ga_web_install
- ga_core_install

- name: GA Web - Firewall
ansible.builtin.import_role:
name: ansibleguy.infra_ufw
vars:
ufw_rules:
GrowAutomationWeb:
port: "{{ ga_web_port_http }},{{ ga_web_port_https }}"
proto: 'tcp'
when:
- ga_web_install
- not ga_core_install

- name: GA Core - Firewall
ansible.builtin.import_role:
name: ansibleguy.infra_ufw
vars:
ufw_rules:
GrowAutomationCore:
port: "{{ ga_core_port_socket }}"
proto: 'tcp'
log: true
when:
- ga_core_install
- not ga_web_install

when: ga_ufw_manage
name: setup
tasks_from: 'setup_system.yml'
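Review bot: The `GA | Setup | Starting core service` task near the end of the hunk starts `ga_core.service` unconditionally, while the core role that installs that unit (`GA | Setup | GA Core`) runs only `when: ga_core_install`, and the `state: started` this appears to replace was dropped from setup/roles/core/tasks/main.yml in the same commit; on a host where `ga_core_install` is false the systemd task would presumably fail on a missing unit. Adding `when: ga_core_install` to that task keeps the previous behaviour for web-only installs. The password handling that was inline here (`no_log: true` on every task that touches `ga_random_pwd_file`, `mode: 0600` on the file itself) now lives in `write_pwds.yml` and `read_pwds.yml`, which are not part of this view, so confirm those protections carried over; `import_role` applies the task-level `when:` to each imported task, so the `random_pwd_file.stat.exists` guards are fine as written. The play header above `tasks:` starts before this hunk.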
4 changes: 4 additions & 0 deletions setup/requirements.yml
Expand Up @@ -16,6 +16,10 @@ roles:
version: 'stable'
name: 'ansibleguy.linux_bootstrap'

- src: 'https://github.com/ansibleguy/linux_users.git'
version: 'stable'
name: 'ansibleguy.linux_users'

- src: 'https://github.com/ansibleguy/infra_django_apache.git'
version: 'stable'
name: 'ansibleguy.infra_django_apache'
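Review bot: The new `ansibleguy.linux_users` entry is fetched from a git URL at the mutable branch `stable`, so what gets installed can change between runs without any change to this file; this matches the existing entries, but pinning to a release tag or commit SHA (`version: '<pinned tag or commit>'`) would make the setup reproducible and make an upstream change visible in review. The role is not referenced in the visible setup/pb_setup.yml hunk; presumably it is used from the new `setup_system.yml` task file, which is not part of this view.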
6 changes: 4 additions & 2 deletions setup/roles/core/tasks/devices.yml
Expand Up @@ -9,12 +9,14 @@
ansible.builtin.pip:
name: "{{ ga_device_mods }}"
virtualenv: "{{ ga_core_path_venv }}"
virtualenv_python: "{{ ga_python_version }}"
virtualenv_python: "python{{ ga_python_version }}"
virtualenv_command: '/usr/bin/virtualenv'
executable: pip3
state: present

- name: GA | Core | Copying device-code
ansible.posix.synchronize:
src: "{{{ ga_setup_clone_dir }}/code/device"
src: "{{ ga_setup_clone_dir }}/code/device"
dest: "{{ ga_core_path }}/"
recursive: yes
rsync_path: 'sudo rsync'
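Review bot: `virtualenv_python: "python{{ ga_python_version }}"` now builds the interpreter name from the string form of `ga_python_version`, so that variable must be a quoted string in `vars/hardcoded.yml`; an unquoted `3.10` would be read by YAML as the float 3.1 and render `python3.1`. The same construct is added to setup/roles/core/tasks/main.yml in this commit. The vars file is not in this view, so this is a point to confirm rather than a defect visible here.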
13 changes: 4 additions & 9 deletions setup/roles/core/tasks/main.yml
Expand Up @@ -37,7 +37,7 @@

- name: GA | Core | Copying core-code
ansible.posix.synchronize:
src: "{{{ ga_setup_clone_dir }}/code/core"
src: "{{ ga_setup_clone_dir }}/code/core"
dest: "{{ ga_core_path }}/"
recursive: yes
rsync_path: 'sudo rsync'
Expand Down Expand Up @@ -84,17 +84,13 @@
owner: "{{ ga_core_service_user }}"
group: "{{ ga_service_group }}"

- name: GA | Core | Install python virtualenv
ansible.builtin.pip:
name: 'virtualenv'
executable: pip3
state: present

- name: GA | Core | Install python modules into venv
ansible.builtin.pip:
name: "{{ ga_core_mods }}"
virtualenv: "{{ ga_core_path_venv }}"
virtualenv_python: "{{ ga_python_version }}"
virtualenv_python: "python{{ ga_python_version }}"
virtualenv_command: '/usr/bin/virtualenv'
executable: pip3
state: present

- name: GA | Core | Adding core service file
Expand All @@ -113,7 +109,6 @@
ansible.builtin.systemd:
name: 'ga_core.service'
enabled: yes
state: started

- name: GA | Configure device support
ansible.builtin.import_tasks: devices.yml
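Review bot: With the `GA | Core | Install python virtualenv` pip task removed in the second hunk, the venv task now relies on `virtualenv_command: '/usr/bin/virtualenv'` pointing at a binary that nothing in this file installs; presumably the distro package is pulled in through `ga_script_packages` in setup/pb_setup.yml, but that list is not visible here. A short comment on the `virtualenv_command` line would save the next reader the search: `# NOTE: /usr/bin/virtualenv must come from a system package (see ga_script_packages) — confirm`. Moving from a root-level `pip3 install virtualenv` to the packaged binary is an improvement for reproducibility, provided that package is actually in the list.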
