From 49574b9962ad315728a3ab7a229d19d80c4c5f19 Mon Sep 17 00:00:00 2001 From: fdavis Date: Fri, 21 Jun 2013 19:01:02 -0700 Subject: [PATCH] refactoring nginx/uwsgi for apache/modpython --- TODO | 4 -- group_vars/all | 2 + postgres.yml | 7 +++ production | 8 ++- roles/django/files/django | 17 ++++++ roles/django/handlers/main.yml | 3 + roles/django/tasks/main.yml | 36 +++++++++++- roles/postgres/files/pg_hba.conf | 99 ++++++++++++++++++++++++++++++++ roles/postgres/tasks/main.yml | 21 +++++++ 9 files changed, 190 insertions(+), 7 deletions(-) delete mode 100644 TODO create mode 100644 group_vars/all create mode 100644 postgres.yml create mode 100644 roles/django/files/django create mode 100644 roles/django/handlers/main.yml create mode 100644 roles/postgres/files/pg_hba.conf create mode 100644 roles/postgres/tasks/main.yml diff --git a/TODO b/TODO deleted file mode 100644 index 079aef7..0000000 --- a/TODO +++ /dev/null @@ -1,4 +0,0 @@ -setup other account for machines to use READ ONLY -snapshot VBox -playbook to get django hello world setup - diff --git a/group_vars/all b/group_vars/all new file mode 100644 index 0000000..4484965 --- /dev/null +++ b/group_vars/all @@ -0,0 +1,2 @@ +--- +place_holder: data diff --git a/postgres.yml b/postgres.yml new file mode 100644 index 0000000..97bae38 --- /dev/null +++ b/postgres.yml @@ -0,0 +1,7 @@ +--- +- hosts: postgres-servers + sudo: yes + roles: + - role: postgres + tags: + - postgres diff --git a/production b/production index c94a01d..37edb7f 100644 --- a/production +++ b/production @@ -1,2 +1,8 @@ -[django-servers] +# specify vars at top of hostfile or in host_vars files ubuntu-server ansible_ssh_port=2222 ansible_ssh_host=127.0.0.1 + +[django-servers] +ubuntu-server + +[postgres-servers] +ubuntu-server diff --git a/roles/django/files/django b/roles/django/files/django new file mode 100644 index 0000000..84528fa --- /dev/null +++ b/roles/django/files/django @@ -0,0 +1,17 @@ + + ServerAdmin webmaster@localhost + DocumentRoot /var/www + + SetHandler python-program + PythonHandler django.core.handlers.modpython + SetEnv DJANGO_SETTINGS_MODULE mysite.settings + PythonDebug Off + + + ErrorLog ${APACHE_LOG_DIR}/error.log + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + CustomLog ${APACHE_LOG_DIR}/access.log combined + + diff --git a/roles/django/handlers/main.yml b/roles/django/handlers/main.yml new file mode 100644 index 0000000..87367b6 --- /dev/null +++ b/roles/django/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: service apache2 start/enable + service: name=apache2 state=restarted enabled=yes diff --git a/roles/django/tasks/main.yml b/roles/django/tasks/main.yml index 9d0396d..c78e5fb 100644 --- a/roles/django/tasks/main.yml +++ b/roles/django/tasks/main.yml @@ -1,12 +1,44 @@ --- - name: get the django source uri: url=https://www.djangoproject.com/download/1.5.1/tarball/ dest=/opt/django.tgz follow_redirects=yes creates=/opt/django.tgz + notify: service nginx start/enable - name: untar django command: tar xf /opt/django.tgz -C /opt creates=/opt/Django-1.5.1 + notify: service nginx start/enable - name: install it command: chdir=/opt/Django-1.5.1 python setup.py install creates=/opt/Django-1.5.1/README.rst + notify: service nginx start/enable -- name: print out the version - command: python -c "import django; print django.VERSION" +- name: update + command: apt-get update -y + +- name: install python-psycopg2/nginx/mod_python + apt: pkg=python-psycopg2 state=present + with_items: + - python-psycopg2 + - python-pip + notify: service nginx start/enable + +- name: install uwsgi + pip: name=uwsgi state=present + +- name: symlink mod python + command: ln -s ../mods-available/python.load /etc/nginx/mods-enabled/python.load creates=/etc/nginx/mods-enabled/python.load + notify: service nginx start/enable + +- name: copy over django site conf + copy: src=django dest=/etc/nginx/sites-available/django owner=root group=root mode=0644 + notify: service nginx start/enable + +- name: symlink sites enabled + command: ln -s ../sites-available/django /etc/nginx/sites-enabled/000-django creates=/etc/nginx/sites-enabled/000-django + notify: service nginx start/enable + +- name: remove default site symlink + file: path=/etc/nginx/sites-enabled/000-default state=absent + notify: service nginx start/enable + +- name: print out some versions + shell: python --version; python -c "import django; print django.VERSION" diff --git a/roles/postgres/files/pg_hba.conf b/roles/postgres/files/pg_hba.conf new file mode 100644 index 0000000..a7d203a --- /dev/null +++ b/roles/postgres/files/pg_hba.conf @@ -0,0 +1,99 @@ +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. A short +# synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTIONS] +# host DATABASE USER ADDRESS METHOD [OPTIONS] +# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, +# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a +# plain TCP/IP socket. +# +# DATABASE can be "all", "sameuser", "samerole", "replication", a +# database name, or a comma-separated list thereof. The "all" +# keyword does not match "replication". Access to replication +# must be enabled in a separate record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", or a +# comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names +# from a separate file. +# +# ADDRESS specifies the set of hosts the record matches. It can be a +# host name, or it is made up of an IP address and a CIDR mask that is +# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that +# specifies the number of significant bits in the mask. A host name +# that starts with a dot (.) matches a suffix of the actual host name. +# Alternatively, you can write an IP address and netmask in separate +# columns to specify the set of hosts. Instead of a CIDR-address, you +# can write "samehost" to match any of the server's own IP addresses, +# or "samenet" to match any address in any subnet that the server is +# directly connected to. +# +# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", +# "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert". Note that +# "password" sends passwords in clear text; "md5" is preferred since +# it sends encrypted passwords. +# +# OPTIONS are a set of options for the authentication in the format +# NAME=VALUE. The available options depend on the different +# authentication methods -- refer to the "Client Authentication" +# section in the documentation for a list of which options are +# available for which authentication methods. +# +# Database and user names containing spaces, commas, quotes and other +# special characters must be quoted. Quoting one of the keywords +# "all", "sameuser", "samerole" or "replication" makes the name lose +# its special character, and just match a database or username with +# that name. +# +# This file is read on server startup and when the postmaster receives +# a SIGHUP signal. If you edit the file on a running system, you have +# to SIGHUP the postmaster for the changes to take effect. You can +# use "pg_ctl reload" to do that. + +# Put your actual configuration here +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL +# listen on a non-local interface via the listen_addresses +# configuration parameter, or via the -i or -h command line switches. + + + + +# DO NOT DISABLE! +# If you change this first entry you will need to make sure that the +# database superuser can access the database using some other method. +# Noninteractive access to all databases is required during automatic +# maintenance (custom daily cronjobs, replication, and similar tasks). +# +# Database administrative login by Unix domain socket +#local all postgres peer + +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all trust +# IPv4 local connections: +host all all 127.0.0.1/32 trust +# IPv6 local connections: +host all all ::1/128 trust +# Allow replication connections from localhost, by a user with the +# replication privilege. +#local replication postgres peer +#host replication postgres 127.0.0.1/32 md5 +#host replication postgres ::1/128 md5 diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml new file mode 100644 index 0000000..83cc7c3 --- /dev/null +++ b/roles/postgres/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: install postgres pkgs + apt: pkg=$item state=present + with_items: + - libpq-dev + - postgresql + - python-psycopg2 + +- name: setup pg_hba file + copy: src=pg_hba.conf dest=/etc/postgresql/9.1/main/pg_hba.conf owner=postgres group=postgres mode=0640 + register: pg_file + +- name: reload postgres if it changed + service: name=postgresql state=reloaded enabled=yes + when: pg_file.changed + +- name: make a db + postgresql_db: db=dj + +- name: make a db user + postgresql_user: db=dj user=django password=ceec4eif7ya priv=ALL