-
Notifications
You must be signed in to change notification settings - Fork 0
/
velmu.yml
150 lines (145 loc) · 4.06 KB
/
velmu.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
---
- hosts: localhost
remote_user: root
pre_tasks:
- name: Install mercurial
yum:
name: mercurial
- name: Install python-devel
yum:
name: python-devel
- name: Install postgresql-devel
yum:
name: postgresql-devel
- name: Install libjpeg-devel
yum:
name: libjpeg-devel
- name: Install zlib-devel
yum:
name: zlib-devel
- name: Install openssl-devel
yum:
name: openssl-devel
- name: Install libffi-devel
yum:
name: libffi-devel
- name: Create group bew
group:
name: bew
state: present
- name: Create user bew
user:
name: bew
comment: "BEW Service"
group: bew
- name: Set bew's home dir permissions
file:
path: /home/bew
state: directory
owner: bew
group: bew
mode: 0711
- name: Create bew's .ssh
file:
path: /home/bew/.ssh
state: directory
owner: bew
group: bew
mode: 0700
- name: Import bitbucket.org SSH key
known_hosts:
path: /home/bew/.ssh/known_hosts
name: bitbucket.org
key: "bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw=="
- name: Import code.haltu.net SSH key
known_hosts:
path: /home/bew/.ssh/known_hosts
name: code.haltu.net
key: "code.haltu.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy9CUSBbe+crCXSRzVZ4nNIQRWYUiqC3fk5JZkuBa05BMpkK6dmG0oZ7H5Z4gQ1OQZcIfLP8uT6O2+SUpbn6u5DVQxIDBVNUETgGPSyNTgURi/9mEktxUgjD4mQzKFdX5+UdqvzhCut1+1asVWsRPrMwStLJn0YlK8wf/6bZnfmgQfvCP4yx9ney1F9M453uSPHfwB0ETfVpRFPZBy7eI1HizdB5BxcvE+gvYScLr7BkjA6JgKWiyBpjXM5+KAtjEvQ6z1Nm/3lFX3iL1UZBOT0oEh19SgtWM9QsBgdDaF6nPomX6WPnH5MrMx+UISLixm7Sh2GbVX54SR26xdsPEj"
- name: Set known hosts permissions
file:
path: /home/bew/.ssh/known_hosts
owner: bew
group: bew
mode: 0600
- name: Create bew's .buildout
file:
path: /home/bew/.buildout
state: directory
owner: bew
group: bew
mode: 0755
- name: Copy mr.developer.cfg
copy:
src: /srv/ansible/files/buildout_mrdeveloper.cfg
dest: /home/bew/.buildout/mr.developer.cfg
owner: bew
group: bew
mode: 0644
- name: Insert local_settings.py
template:
src: /srv/ansible/files/local_settings.py.j2
dest: /home/bew/local_settings.py
owner: bew
group: bew
mode: 0644
- name: Insert newrelic.ini
template:
src: /srv/ansible/files/newrelic.ini.j2
dest: /home/bew/newrelic.ini
owner: bew
group: bew
mode: 0644
- name: Activate bew's virtualenv
lineinfile:
path: /home/bew/.bash_profile
line: "source $HOME/venv/bin/activate"
tasks:
- name: Enable httpd_can_network_connect
seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
- name: Enable httpd_read_user_content
seboolean:
name: httpd_read_user_content
state: yes
persistent: yes
- name: Include user apache to group bew
user:
name: apache
groups: bew
- name: Include user root to group bew
user:
name: root
groups: bew
post_tasks:
- name: Overwrite Supervisor config
copy:
src: /srv/ansible/files/supervisord.conf
dest: /etc/supervisor/supervisord.conf
owner: root
group: root
mode: 0644
- name: Restart Supervisor
service:
name: supervisord
state: restarted
enabled: yes
vars_files:
- group_vars/vars
- group_vars/velmu
- group_vars/vault
roles:
- singleplatform-eng.users
- geerlingguy.repo-epel
- geerlingguy.pip
- geerlingguy.git
- geerlingguy.postgresql
- Stouts.rabbitmq
- geerlingguy.redis
- geerlingguy.memcached
- geerlingguy.supervisor
- geerlingguy.certbot
- CSCfi.apache
- cchurch.virtualenv