mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
mysql_dashboard
infrastructure/roles/patchwork/tasks/main.yml
Frederik Schwan 8decc2e977
use fetchmail for donor import 
The former approach to export a maildir and iterate over it with a
script broke when the mail server and the web server got on their
own hosts. This will use IMAP IDLE to check for new mails and pass
them instantly to the djange manage.py script without storing the mail
locally.
2020-12-30 21:33:28 +01:00

137 lines
5.8 KiB
YAML
Raw Permalink Blame History

---
- name: run maintenance mode
include_role:
name: maintenance
vars:
service_name: "patchwork"
service_domain: "{{ patchwork_domain }}"
service_alternate_domains: []
service_nginx_conf: "{{ patchwork_nginx_conf }}"
when: maintenance is defined
- name: install packages
pacman: name=gcc,git,python,python-psycopg2,sudo,uwsgi-plugin-python,python-pip state=present
- name: make patchwork user
user: name=patchwork shell=/bin/false home="{{ patchwork_dir }}" createhome=no
- name: fix home permissions
file: state=directory owner=patchwork group=patchwork mode=0755 path="{{ patchwork_dir }}"
- name: set patchwork groups
user: name=patchwork groups=uwsgi
- name: set up nginx
template: src=nginx.d.conf.j2 dest="{{ patchwork_nginx_conf }}" owner=root group=root mode=644
notify:
- reload nginx
when: maintenance is not defined
tags: ['nginx']
- name: make nginx log dir
file: path=/var/log/nginx/{{ patchwork_domain }} state=directory owner=root group=root mode=0755
- name: clone patchwork repo
git: repo=https://github.com/getpatchwork/patchwork.git dest="{{ patchwork_dir }}" version="{{ patchwork_version }}"
become: true
become_user: patchwork
register: release
- name: make virtualenv
command: python -m venv "{{ patchwork_dir }}"/env creates="{{ patchwork_dir }}/env/bin/python"
become: true
become_user: patchwork
- name: install from requirements into virtualenv
pip: requirements="{{ patchwork_dir }}/requirements-prod.txt" virtualenv="{{ patchwork_dir }}/env" extra_args="--no-binary :all:"
become: true
become_user: patchwork
register: virtualenv
- name: fix home permissions
file: state=directory owner=patchwork group=patchwork mode=0755 path="{{ patchwork_dir }}"
- name: configure patchwork
template: src=production.py.j2 dest="{{ patchwork_dir }}/patchwork/settings/production.py" owner=patchwork group=patchwork mode=0660
register: config
no_log: true
- name: create patchwork db users
postgresql_user: name={{ item.user }} password={{ item.password }} login_host="{{ patchwork_db_host }}" login_password="{{ vault_postgres_users.postgres }}" encrypted=yes
no_log: true
with_items:
- { user: "{{ patchwork_db_user }}", password: "{{ vault_patchwork_db_password }}" }
- { user: "{{ patchwork_db_backup_user }}", password: "{{ vault_patchwork_db_backup_password }}" }
- name: create patchwork db
postgresql_db: name="{{ patchwork_db }}" login_host="{{ patchwork_db_host }}" login_password="{{ vault_postgres_users.postgres }}" owner="{{ patchwork_db_user }}"
register: db_created
- name: django migrate
django_manage: app_path="{{ patchwork_dir }}" command=migrate virtualenv="{{ patchwork_dir }}/env"
become: true
become_user: patchwork
when: (db_created.changed or release.changed or config.changed or virtualenv.changed or patchwork_forced_deploy)
- name: db privileges for patchwork users
postgresql_privs: database="{{ patchwork_db }}" host="{{ patchwork_db_host }}" login="{{ patchwork_db_user }}" password="{{ vault_patchwork_db_password }}"
privs=CONNECT roles="{{ item }}" type=database
with_items:
- "{{ patchwork_db_backup_user }}"
- name: table privileges for patchwork users
postgresql_privs: database="{{ patchwork_db }}" host="{{ patchwork_db_host }}" login="{{ patchwork_db_user }}" password="{{ vault_patchwork_db_password }}"
privs=SELECT roles="{{ item.user }}" type=table objs="{{ item.objs }}"
with_items:
- { user: "{{ patchwork_db_backup_user }}", objs: "{{ patchwork_db_backup_table_objs }}" }
- name: sequence privileges for patchwork users
postgresql_privs: database="{{ patchwork_db }}" host="{{ patchwork_db_host }}" login="{{ patchwork_db_user }}" password="{{ vault_patchwork_db_password }}"
privs=SELECT roles="{{ item.user }}" type=sequence objs="{{ item.objs }}"
with_items:
- { user: "{{ patchwork_db_backup_user }}", objs: "{{ patchwork_db_backup_sequence_objs }}" }
- name: django collectstatic
django_manage: app_path="{{ patchwork_dir }}" command=collectstatic virtualenv="{{ patchwork_dir }}/env"
become: true
become_user: patchwork
when: (db_created.changed or release.changed or config.changed or virtualenv.changed or patchwork_forced_deploy)
- name: install patchwork parsemail script
template: src="patchwork-parsemail-wrapper.sh.j2" dest="/usr/local/bin/patchwork-parsemail-wrapper.sh" owner=root group=root mode=0755
- name: install sudoer rights for fetchmail to call patchwork
template: src=sudoers-fetchmail-patchwork.j2 dest=/etc/sudoers.d/fetchmail-patchwork owner=root group=root mode=0440
- name: install patchwork memcached service
template: src="patchwork-memcached.service.j2" dest="/etc/systemd/system/patchwork-memcached.service" owner=root group=root mode=0644
notify:
- daemon reload
- name: install patchwork notification service
template: src="patchwork-notification.service.j2" dest="/etc/systemd/system/patchwork-notification.service" owner=root group=root mode=0644
notify:
- daemon reload
- name: install patchwork notification timer
template: src="patchwork-notification.timer.j2" dest="/etc/systemd/system/patchwork-notification.timer" owner=root group=root mode=0644
notify:
- daemon reload
- name: deploy patchwork
template: src=patchwork.ini.j2 dest=/etc/uwsgi/vassals/patchwork.ini owner=patchwork group=http mode=0644
- name: deploy new release
file: path=/etc/uwsgi/vassals/patchwork.ini state=touch owner=patchwork group=http mode=0644
when: (release.changed or config.changed or virtualenv.changed or patchwork_forced_deploy)
- name: start and enable patchwork memcached service and notification timer
systemd:
name: "{{ item }}"
enabled: yes
state: started
daemon_reload: yes
with_items:
- patchwork-memcached.service
- patchwork-notification.timer
View Git Blame Copy Permalink