mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-05-04 07:46:04 +02:00
infrastructure/roles/patchwork/tasks/main.yml
Evangelos Foutras 578b781966
Capitalize the handler name in handler invocations
Fixes: 26f289b72b ("Capitalize the first letter of all task names")
2022-08-29 21:46:39 +03:00


# Hand the patchwork vhost over to the shared `maintenance` role.
# The task is skipped unless the `maintenance` variable is defined for the run.
- name: Run maintenance mode
  when: maintenance is defined
  include_role:
    name: maintenance
  vars:
    service_name: 'patchwork'
    service_domain: "{{ patchwork_domain }}"
    service_alternate_domains: []
    service_nginx_conf: "{{ patchwork_nginx_conf }}"
# Build and runtime dependencies, installed from the distribution repositories.
- name: Install packages
  pacman:
    state: present
    name:
      - gcc
      - git
      - python
      - python-psycopg2
      - sudo
      - uwsgi-plugin-python
      - python-pip
# Dedicated service account for the application. The /bin/false shell means
# the account cannot be used for an interactive login; the home directory is
# not created here (a later task manages it).
- name: Make patchwork user
  user:
    name: patchwork
    home: "{{ patchwork_dir }}"
    shell: /bin/false
    createhome: false
# Ensure the application directory exists and belongs to the service account.
# Mode is a quoted string so it is read as octal, not as a decimal integer.
- name: Fix home permissions
  file:
    path: "{{ patchwork_dir }}"
    state: directory
    owner: patchwork
    group: patchwork
    mode: '0755'
# Put the service account in the uwsgi group.
# `append` is not set, so the user module's default applies to how existing
# supplementary groups are treated.
- name: Set patchwork groups
  user:
    name: patchwork
    groups: uwsgi
# Delegate TLS certificate handling for the patchwork domain to the shared
# `certificate` role.
- name: Create ssl cert
  include_role:
    name: certificate
  vars:
    domains:
      - "{{ patchwork_domain }}"
# Render the nginx vhost; skipped while maintenance mode is active.
- name: Set up nginx
  when: maintenance is not defined
  tags:
    - nginx
  template:
    src: nginx.d.conf.j2
    dest: "{{ patchwork_nginx_conf }}"
    owner: root
    group: root
    # Kept as the quoted string '644': unquoted, YAML would read it as the
    # decimal integer 644 and the resulting file mode would be wrong.
    mode: '644'
  notify:
    - Reload nginx
# Per-domain nginx log directory, owned by root.
- name: Make nginx log dir
  file:
    path: "/var/log/nginx/{{ patchwork_domain }}"
    state: directory
    owner: root
    group: root
    mode: '0755'
# Check out the application source as the unprivileged service account.
# The result is registered so later tasks can react to a changed checkout.
# NOTE(review): the checkout is pinned only as tightly as patchwork_version.
# If that variable holds a branch or tag rather than a full commit hash, a
# later run can deploy different upstream code - confirm.
- name: Clone patchwork repo
  become: true
  become_user: patchwork
  git:
    repo: https://github.com/getpatchwork/patchwork.git
    dest: "{{ patchwork_dir }}"
    version: "{{ patchwork_version }}"
  register: release
# Create the virtualenv as the service account. `creates` makes the task a
# no-op once the interpreter inside the env exists.
- name: Make virtualenv
  become: true
  become_user: patchwork
  command: python -m venv "{{ patchwork_dir }}"/env
  args:
    creates: "{{ patchwork_dir }}/env/bin/python"
# Install the production requirements into the virtualenv as the service
# account. `--no-binary :all:` makes pip build every dependency from source
# instead of using prebuilt wheels.
# NOTE(review): no hash checking is requested here; whether
# requirements-prod.txt pins versions or hashes cannot be seen from this file.
- name: Install from requirements into virtualenv
  become: true
  become_user: patchwork
  pip:
    requirements: "{{ patchwork_dir }}/requirements-prod.txt"
    virtualenv: "{{ patchwork_dir }}/env"
    extra_args: '--no-binary :all:'
  register: virtualenv
# Re-assert ownership and mode of the application directory after the
# checkout and virtualenv steps have written into it.
- name: Fix home permissions
  file:
    path: "{{ patchwork_dir }}"
    state: directory
    owner: patchwork
    group: patchwork
    mode: '0755'
# Render the Django production settings. The file is readable and writable by
# the patchwork user and group only (0660). `no_log` keeps the task result,
# which can include the rendered content, out of the run output.
# NOTE(review): presumably the template embeds credentials - confirm.
- name: Configure patchwork
  no_log: true
  template:
    src: production.py.j2
    dest: "{{ patchwork_dir }}/patchwork/settings/production.py"
    owner: patchwork
    group: patchwork
    mode: '0660'
  register: config
# Create the application and backup database roles. Passwords come from vault
# variables. `no_log` matters here: each loop item carries a password, and
# loop items are otherwise printed in the per-item output.
- name: Create patchwork db users
  no_log: true
  postgresql_user:
    name: "{{ item.user }}"
    password: "{{ item.password }}"
    login_host: "{{ patchwork_db_host }}"
    login_password: "{{ vault_postgres_users.postgres }}"
    encrypted: true
  with_items:
    - user: "{{ patchwork_db_user }}"
      password: "{{ vault_patchwork_db_password }}"
    - user: "{{ patchwork_db_backup_user }}"
      password: "{{ vault_patchwork_db_backup_password }}"
# Create the application database, owned by the application role. The result
# is registered so the migration step runs on first creation.
- name: Create patchwork db
  postgresql_db:
    name: "{{ patchwork_db }}"
    owner: "{{ patchwork_db_user }}"
    login_host: "{{ patchwork_db_host }}"
    login_password: "{{ vault_postgres_users.postgres }}"
  register: db_created
# Apply Django migrations as the service account, but only when the database,
# checkout, settings or virtualenv changed, or a deploy is forced.
- name: Django migrate
  become: true
  become_user: patchwork
  when: >-
    db_created.changed or release.changed or config.changed
    or virtualenv.changed or patchwork_forced_deploy
  django_manage:
    app_path: "{{ patchwork_dir }}"
    virtualenv: "{{ patchwork_dir }}/env"
    command: migrate
# Grant the backup role CONNECT on the application database and nothing more
# at database level. The module authenticates as the application role.
- name: DB privileges for patchwork users
  postgresql_privs:
    database: "{{ patchwork_db }}"
    host: "{{ patchwork_db_host }}"
    login: "{{ patchwork_db_user }}"
    password: "{{ vault_patchwork_db_password }}"
    type: database
    privs: CONNECT
    roles: "{{ item }}"
  with_items:
    - "{{ patchwork_db_backup_user }}"
# Grant the backup role read-only (SELECT) access to the listed tables.
# The module authenticates as the application role.
- name: Table privileges for patchwork users
  postgresql_privs:
    database: "{{ patchwork_db }}"
    host: "{{ patchwork_db_host }}"
    login: "{{ patchwork_db_user }}"
    password: "{{ vault_patchwork_db_password }}"
    type: table
    privs: SELECT
    roles: "{{ item.user }}"
    objs: "{{ item.objs }}"
  with_items:
    - user: "{{ patchwork_db_backup_user }}"
      objs: "{{ patchwork_db_backup_table_objs }}"
# Grant the backup role read-only (SELECT) access to the listed sequences.
# The module authenticates as the application role.
- name: Sequence privileges for patchwork users
  postgresql_privs:
    database: "{{ patchwork_db }}"
    host: "{{ patchwork_db_host }}"
    login: "{{ patchwork_db_user }}"
    password: "{{ vault_patchwork_db_password }}"
    type: sequence
    privs: SELECT
    roles: "{{ item.user }}"
    objs: "{{ item.objs }}"
  with_items:
    - user: "{{ patchwork_db_backup_user }}"
      objs: "{{ patchwork_db_backup_sequence_objs }}"
# Collect static assets as the service account, under the same change
# conditions as the migration step.
- name: Django collectstatic
  become: true
  become_user: patchwork
  when: >-
    db_created.changed or release.changed or config.changed
    or virtualenv.changed or patchwork_forced_deploy
  django_manage:
    app_path: "{{ patchwork_dir }}"
    virtualenv: "{{ patchwork_dir }}/env"
    command: collectstatic
# Install the mail-parsing wrapper. It is owned by root and not writable by
# other users, so the service account cannot alter it.
- name: Install patchwork parsemail script
  template:
    src: 'patchwork-parsemail-wrapper.sh.j2'
    dest: '/usr/local/bin/patchwork-parsemail-wrapper.sh'
    owner: root
    group: root
    mode: '0755'
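# Install the sudoers drop-in that lets fetchmail invoke patchwork.
# The rendered file is syntax-checked with visudo before it replaces the
# destination: a malformed file under /etc/sudoers.d can make sudo refuse to
# run at all, so an invalid render must fail the task instead of being
# installed. visudo is provided by the `sudo` package installed earlier in
# this role. Mode 0440 with root ownership is what sudo expects for drop-ins.
- name: Install sudoer rights for fetchmail to call patchwork
  template:
    src: sudoers-fetchmail-patchwork.j2
    dest: /etc/sudoers.d/fetchmail-patchwork
    owner: root
    group: root
    mode: '0440'
    validate: '/usr/bin/visudo -cf %s'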
# Install the memcached unit for patchwork; systemd is told to reload its
# unit files when the rendered unit changes.
- name: Install patchwork memcached service
  template:
    src: 'patchwork-memcached.service.j2'
    dest: '/etc/systemd/system/patchwork-memcached.service'
    owner: root
    group: root
    mode: '0644'
  notify:
    - Daemon reload
# Install the notification service unit; systemd is told to reload its unit
# files when the rendered unit changes.
- name: Install patchwork notification service
  template:
    src: 'patchwork-notification.service.j2'
    dest: '/etc/systemd/system/patchwork-notification.service'
    owner: root
    group: root
    mode: '0644'
  notify:
    - Daemon reload
# Install the timer unit that schedules the notification service; systemd is
# told to reload its unit files when the rendered unit changes.
- name: Install patchwork notification timer
  template:
    src: 'patchwork-notification.timer.j2'
    dest: '/etc/systemd/system/patchwork-notification.timer'
    owner: root
    group: root
    mode: '0644'
  notify:
    - Daemon reload
# Render the uWSGI vassal configuration for patchwork.
# NOTE(review): the file is owned by the service account itself, so that
# account can rewrite its own vassal config. Presumably the ownership is
# deliberate (e.g. an emperor that derives the vassal's uid/gid from the file
# owner) - confirm against the uwsgi role.
- name: Deploy patchwork
  template:
    src: patchwork.ini.j2
    dest: /etc/uwsgi/vassals/patchwork.ini
    owner: patchwork
    group: http
    mode: '0644'
# Touch the vassal file when the checkout, settings or virtualenv changed, or
# a deploy is forced. Touching only updates the timestamps; presumably uWSGI
# reloads the application when it notices that - confirm.
- name: Deploy new release
  when: >-
    release.changed or config.changed or virtualenv.changed
    or patchwork_forced_deploy
  file:
    path: /etc/uwsgi/vassals/patchwork.ini
    state: touch
    owner: patchwork
    group: http
    mode: '0644'
# Enable and start the memcached service and the notification timer.
# `daemon_reload` makes systemd re-read unit files before acting on each unit.
- name: Start and enable patchwork memcached service and notification timer
  systemd:
    name: "{{ item }}"
    daemon_reload: true
    enabled: true
    state: started
  with_items:
    - patchwork-memcached.service
    - patchwork-notification.timer