AKPlanning ansible role

.gitlab-ci.yml

@@ -12,7 +12,7 @@ cache:
     - "$CI_PROJECT_DIR/pip-cache"
   key: "$CI_PROJECT_ID"
 
-molecule-lint:
+molecule:
   stage: test
   script:
-    - molecule lint
+    - molecule test

files/akplanning.service

+[Unit]
+Description=AKPlanning instance
+After=network.target
+
+[Service]
+User=django
+Group=django
+WorkingDirectory=/srv/AKPlanning/
+Environment="PATH=/srv/AKPlanning/venv/bin"
+ExecStart=/usr/bin/uwsgi --ini uwsgi-akplanning.ini
+Type=notify
+NotifyAccess=all
+Restart=always
+KillSignal=SIGQUIT
+
+[Install]
+WantedBy=multi-user.target

files/nginx.conf

+server {
+    add_header Referrer-Policy same-origin;
+    add_header X-Content-Type-Options nosniff;
+    add_header Strict-Transport-Security "max-age=31536000";
+
+    location / {
+        uwsgi_pass 127.0.0.1:3035;
+        include uwsgi_params;
+    }
+
+    location /static/ {
+        alias /srv/AKPlanning/static;
+        access_log off;
+        expires 365d;
+        add_header Cache-Control "public";
+    }
+}

handlers/main.yml

 ---
-# handlers file for kif.akplanning
\ No newline at end of file
+- name: restart akplanning
+  service:
+    name: akplanning
+    state: restarted
+    enabled: yes

meta/main.yml

@@ -39,6 +39,6 @@ galaxy_info:
     # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
     #       Maximum 20 tags per role.
 
-dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.
+dependencies:
+  - nginx
+  - mariadb_client

molecule/default/INSTALL.rst

-*******
-Docker driver installation guide
-*******
-
-Requirements
-============
-
-* Docker Engine
-
-Install
-=======
-
-Please refer to the `Virtual environment`_ documentation for installation best
-practices. If not using a virtual environment, please consider passing the
-widely recommended `'--user' flag`_ when invoking ``pip``.
-
-.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
-.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
-
-.. code-block:: bash
-
-    $ python3 -m pip install 'molecule[docker]'

molecule/default/converge.yml

 ---
 - name: Converge
   hosts: all
+  become: true
+
   tasks:
-    - name: "Include kif.akplanning"
+    - name: Include kif.akplanning
       include_role:
-        name: "kif.akplanning"
+        name: kif.akplanning
+      vars:
+        akplanning_mariadb_host: instance
+        akplanning_mariadb_user: akplanning
+        akplanning_mariadb_pass: akplanning
+        akplanning_secret_key: this-is-a-secret
+        akplanning_allowed_hosts: "'127.0.0.1'"
+
+  post_tasks:
+    - name: Ensure AKPlanning is running
+      uri:
+        url: http://127.0.0.1/
+        status_code: 200
+      register: result
+      until: result.status == 200
+      retries: 60
+      delay: 1

molecule/default/molecule.yml

@@ -5,13 +5,38 @@ driver:
   name: docker
 platforms:
   - name: instance
-    image: docker.io/pycontribs/centos:8
+    image: docker.io/geerlingguy/docker-ubuntu2004-ansible
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    capabilities:
+      - SYS_ADMIN
+    command: /lib/systemd/systemd
     pre_build_image: true
 provisioner:
   name: ansible
+  playbooks:
+    converge: converge.yml
 verifier:
   name: ansible
 lint: |
   set -e
   yamllint .
   ansible-lint .
+scenario:
+  test_sequence:
+    - dependency
+    - lint
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    #- idempotence
+    - side_effect
+    - verify
+    - cleanup
+    - destroy

molecule/default/prepare.yml

+---
+- name: Prepare
+  hosts: all
+  tasks:
+    - name: Update apt cache
+      apt: update_cache=true cache_valid_time=600
+    - name: Install mariadb
+      include_role:
+        name: mariadb
+      vars:
+        mariadb_root_password: this-is-a-test

molecule/default/requirements.yml

+---
+- src: https://gitlab.fachschaften.org/fsi-ansible/nginx.git
+  scm: git
+- src: https://gitlab.fachschaften.org/fsi-ansible/mariadb.git
+  scm: git
+- src: https://gitlab.fachschaften.org/fsi-ansible/mariadb_client.git
+  scm: git

molecule/default/verify.yml

@@ -4,6 +4,7 @@
 - name: Verify
   hosts: all
   tasks:
-  - name: Example assertion
-    assert:
-      that: true
+  - name: Ensure AKPlanning is running
+    uri:
+      url: http://127.0.0.1/
+      status_code: 200

tasks/main.yml

 ---
-# tasks file for kif.akplanning
\ No newline at end of file
+- name: Install dependencies
+  apt:
+    name:
+      - git
+      - build-essential
+      - python3-virtualenv
+      - python3
+      - python3-pip
+      - python3-dev
+      - libmysqlclient-dev
+      - gettext
+      - uwsgi
+      - uwsgi-plugin-python3
+    state: present
+    update-cache: yes
+
+- name: Check if this is a rerun
+  stat:
+    path: /srv/AKPlanning/AKPlanning/settings_production.py
+  register: akplanning_settings
+
+- name: Set the original db host so we can update
+  lineinfile:
+    path: /srv/AKPlanning/AKPlanning/settings_production.py
+    line: "        'HOST': 'localhost',"
+    regexp: "^        'HOST':"
+    mode: preserve
+  when: akplanning_settings.stat.exists
+  notify: restart akplanning
+
+- name: Clone AKPlanning
+  git:
+    repo: https://gitlab.fachschaften.org/kif/akplanning.git
+    dest: /srv/AKPlanning/
+    version: master
+  register: akplanning_installation
+
+- name: Create django group
+  group:
+    name: django
+    system: yes
+
+- name: Create django user
+  user:
+    name: django
+    comment: "django user"
+    group: django
+    home: /srv/AKPlanning/
+    system: yes
+
+- name: Give akplanning to user django
+  file:
+    path: /srv/AKPlanning/
+    state: directory
+    owner: django
+    group: django
+    mode: preserve
+    recurse: yes
+
+- name: Install python dependencies
+  pip:
+    requirements: requirements.txt
+    chdir: /srv/AKPlanning/
+    virtualenv: /srv/AKPlanning/venv
+    virtualenv_python: python3.8
+  become: yes
+  become_user: django
+
+- name: Create akplanning db
+  import_role:
+    name: mariadb_client
+  vars:
+    db_user:
+      name: "{{ akplanning_mariadb_user }}"
+      password: "{{ akplanning_mariadb_pass }}"
+    db_host: "{{ akplanning_mariadb_host }}"
+
+- name: Configure AKPlanning
+  template:
+    src: settings_secrets.py.j2
+    dest: /srv/AKPlanning/AKPlanning/settings_secrets.py
+    mode: 0600
+    owner: django
+    group: django
+  notify: restart akplanning
+
+- name: Set the correct db host
+  lineinfile:
+    path: /srv/AKPlanning/AKPlanning/settings_production.py
+    line: "        'HOST': 'instance',"
+    regexp: "^        'HOST':"
+    mode: preserve
+  notify: restart akplanning
+
+- name: AKPlanning migrate and stuff
+  shell: |
+    . /srv/AKPlanning/venv/bin/activate
+    /srv/AKPlanning/venv/bin/python manage.py migrate
+    /srv/AKPlanning/venv/bin/python manage.py collectstatic --noinput
+    /srv/AKPlanning/venv/bin/python manage.py compilemessages -l de_DE
+  args:
+    chdir: /srv/AKPlanning
+  environment:
+    DJANGO_SETTINGS_MODULE: AKPlanning.settings_production
+  become: yes
+  become_user: django
+  when: akplanning_installation.before != akplanning_installation.after
+  notify: restart akplanning
+
+- name: Install akplanning service file
+  copy:
+    src: akplanning.service
+    dest: /etc/systemd/system/akplanning.service
+    mode: 0644
+  notify: restart akplanning
+
+- name: Enable akplanning services
+  systemd:
+    daemon-reload: yes
+    enabled: true
+    name: akplanning
+
+- name: Install nginx config
+  copy:
+    src: nginx.conf
+    dest: /etc/nginx/conf.d/akplanning.conf
+    mode: 0600
+    owner: root
+    group: root
+  notify: restart nginx

templates/settings_secrets.py.j2

+SECRET_KEY = '{{ akplanning_secret_key }}'
+
+HOSTS = [{{ akplanning_allowed_hosts }}]
+
+DB_NAME = '{{ akplanning_mariadb_user }}'
+
+DB_USER = '{{ akplanning_mariadb_user }}'
+
+DB_PASSWORD = '{{ akplanning_mariadb_pass }}'