Rework on Ansible config, this is now more universal

2020-09-06 10:32:52 +02:00 · 2020-09-06 10:32:52 +02:00 · 1a28e876b8
parent 2a824cadf6
commit 1a28e876b8
10 changed files with 90 additions and 35 deletions
--- a/ansible/base.yml
+++ b/ansible/base.yml
@ -1,15 +1,13 @@
 #!/usr/bin/env ansible-playbook
 ---

- hosts: bde-note.adh.crans.org
+- hosts: server
  vars_prompt:
    - name: DB_PASSWORD
-      prompt: "Password of the database"
+      prompt: "Password of the database (leave it blank if this is a reinstallation)"
      private: yes
  vars:
    mirror: deb.debian.org
-    note:
-      server_name: note.crans.org
  roles:
    - 1-apt-basic
    - 2-nk20
--- a/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
+++ b/ansible/host_vars/bde-nk20-beta.adh.crans.org.yml
@ -0,0 +1,5 @@
+---
+note:
+  server_name: note-beta.crans.org
+  git_branch: beta
+  cron_enabled: true
--- a/ansible/host_vars/bde-note.adh.crans.org.yml
+++ b/ansible/host_vars/bde-note.adh.crans.org.yml
@ -0,0 +1,5 @@
+---
+note:
+  server_name: note.crans.org
+  git_branch: master
+  cron_enabled: true
--- a/ansible/host_vars/bde3-virt.adh.crans.org.yml
+++ b/ansible/host_vars/bde3-virt.adh.crans.org.yml
@ -0,0 +1,5 @@
+---
+note:
+  server_name: note-dev.crans.org
+  git_branch: beta
+  cron_enabled: false
--- a/ansible/hosts
+++ b/ansible/hosts
@ -1,4 +1,5 @@
 [server]
+bde3-virt.adh.crans.org
 bde-nk20-beta.adh.crans.org
 bde-note.adh.crans.org

--- a/ansible/roles/2-nk20/tasks/main.yml
+++ b/ansible/roles/2-nk20/tasks/main.yml
@ -11,7 +11,7 @@
  git:
    repo: https://gitlab.crans.org/bde/nk20.git
    dest: /var/www/note_kfet
-    version: master
+    version: "{{ note.git_branch }}"
    force: true

 - name: Use default env vars (should be updated!)
@ -30,6 +30,7 @@
    group: www-data

 - name: Setup cron jobs
+  when: "note.cron_enabled"
  template:
    src: note.cron.j2
    dest: /etc/cron.d/note
--- a/ansible/roles/2-nk20/templates/note.cron.j2
+++ b/ansible/roles/2-nk20/templates/note.cron.j2
@ -1,22 +0,0 @@
-# {{ ansible_managed }}
-# Les cronjobs dont a besoin la Note Kfet
-
-# m  h   dom mon dow     user   command
-# Envoyer les mails en attente
- *   *     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py send_mail >> /var/www/note_kfet/cron_mail.log
- *   *     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py retry_deferred >> /var/www/note_kfet/cron_mail_deferred.log
- 00  0     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7 >> /var/www/note_kfet/cron_mail_purge.log
-# Faire une sauvegarde de la base de données
- 00  2     *   *   *     root   cd /var/www/note_kfet && apps/scripts/shell/backup_db
-# Vérifier la cohérence de la base et mailer en cas de problème
- 00  4     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py check_consistency --sum-all --check-all --mail
-# Mettre à jour le wiki (modification sans (dé)validation, activités passées)
-#30  5     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py refresh_activities --raw --comment refresh
-# Spammer les gens en négatif
- 00  5     *   *   2     root   cd /var/www/note_kfet && env/bin/python manage.py send_mail_to_negative_balances --spam
-# Envoyer le rapport mensuel aux trésoriers et respos info
- 00  8     6   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py send_mail_to_negative_balances --report
-# Envoyer les rapports aux gens
- 55  6     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py send_reports
-# Envoyer les rapports aux gens
- 00  9     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py refresh_highlighted_buttons
--- a/ansible/roles/2-nk20/templates/note.cron.j2
+++ b/ansible/roles/2-nk20/templates/note.cron.j2
@ -0,0 +1 @@
+../../../../note.cron
--- a/ansible/roles/5-nginx/templates/nginx_note.conf
+++ b/ansible/roles/5-nginx/templates/nginx_note.conf
@ -0,0 +1,63 @@
+# the upstream component nginx needs to connect to
+upstream note{
+    server unix:///var/www/note_kfet/note_kfet.sock; # file socket
+}
+
+# Redirect HTTP to nk20 HTTPS
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    location / {
+        return 301 https://{{ note.server_name }}$request_uri;
+    }
+}
+
+# Redirect all HTTPS to nk20 HTTPS
+server {
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+
+    location / {
+        return 301 https://{{ note.server_name }}$request_uri;
+    }
+
+    ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+
+# configuration of the server
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    # the port your site will be served on
+    # the domain name it will serve for
+    server_name {{ note.server_name }}; # substitute your machine's IP address or FQDN
+    charset     utf-8;
+
+    # max upload size
+    client_max_body_size 75M;   # adjust to taste
+
+    # Django media
+    location /media  {
+        alias /var/www/note_kfet/media;  # your Django project's media files - amend as required
+    }
+
+    location /static {
+        alias /var/www/note_kfet/static; # your Django project's static files - amend as required
+    }
+
+    # Finally, send all non-media requests to the Django server.
+    location / {
+        uwsgi_pass note;
+        include /etc/nginx/uwsgi_params;
+    }
+
+    ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
--- a/ansible/roles/6-psql/tasks/main.yml
+++ b/ansible/roles/6-psql/tasks/main.yml
@ -10,17 +10,15 @@
  retries: 3
  until: pkg_result is succeeded

- name: Install Psycopg2
-  pip:
-    name: psycopg2-binary
-
 - name: Create role note
+  when: "DB_PASSWORD|bool"    # If the password is not defined, skip the installation
  postgresql_user:
    name: note
    password: "{{ DB_PASSWORD }}"
  become_user: postgres

 - name: Create NK20 database
+  when: "DB_PASSWORD|bool"
  postgresql_db:
    name: note_db
    owner: note
--- a/note.cron
+++ b/note.cron
@ -1,11 +1,11 @@
-# Attention, il faut *copier* ce fichier dans /etc/cron.d, owner root:root et droits 644
+{{ ansible_managed }}
 # Les cronjobs dont a besoin la Note Kfet

 # m  h   dom mon dow     user   command
 # Envoyer les mails en attente
- *   *     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py send_mail
- *   *     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py retry_deferred
- 00  0     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7
+ *   *     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py send_mail -c 1
+ *   *     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py retry_deferred -c 1
+ 00  0     *   *   *     root   cd /var/www/note_kfet && env/bin/python manage.py purge_mail_log 7 -c 1
 # Faire une sauvegarde de la base de données
 00  2     *   *   *     root   cd /var/www/note_kfet && apps/scripts/shell/backup_db
 # Vérifier la cohérence de la base et mailer en cas de problème