Merge lp:~ricardokirkner/locolander/vagrant into lp:locolander

Proposed by Ricardo Kirkner
Status: Needs review
Proposed branch: lp:~ricardokirkner/locolander/vagrant
Merge into: lp:locolander
Diff against target: 919 lines (+815/-0)
18 files modified
README (+25/-0)
Vagrantfile (+26/-0)
ansible/deploy/templates/production.py (+201/-0)
ansible/deploy/webserver.yml (+67/-0)
ansible/hosts (+5/-0)
ansible/provision/dbserver.yml (+40/-0)
ansible/provision/files/docker/authentication.conf (+4/-0)
ansible/provision/files/docker/bazaar.conf (+3/-0)
ansible/provision/site.yml (+3/-0)
ansible/provision/templates/docker/95proxies (+3/-0)
ansible/provision/templates/docker/Dockerfile (+33/-0)
ansible/provision/templates/docker/environment (+10/-0)
ansible/provision/templates/nginx/nginx.conf (+25/-0)
ansible/provision/templates/postgresql/pg_hba.conf (+35/-0)
ansible/provision/templates/postgresql/postgresql.conf (+96/-0)
ansible/provision/templates/squid/squid.conf (+84/-0)
ansible/provision/templates/supervisor/supervisor.conf (+27/-0)
ansible/provision/webserver.yml (+128/-0)
To merge this branch: bzr merge lp:~ricardokirkner/locolander/vagrant
Reviewer Review Type Date Requested Status
LocoLanderos Pending
Review via email: mp+180928@code.launchpad.net

Commit message

added vagrant support using ansible to provision and deploy

Unmerged revisions

35. By Ricardo Kirkner

correctly keep current/last links in place

34. By Ricardo Kirkner

added instructions on how to deploy to a Vagrant vm

33. By Ricardo Kirkner

added playbook for deploying the application

32. By Ricardo Kirkner

added Vagrantfile including provisioning via ansible

31. By Ricardo Kirkner

added ansible playbook for provisioning the web/app server

30. By Ricardo Kirkner

added ansible playbook for provisioning database server

Preview Diff

1=== modified file 'README'
2--- README 2013-07-13 17:01:27 +0000
3+++ README 2013-08-19 19:23:44 +0000
4@@ -38,3 +38,28 @@
5 ::
6
7 fab test
8+
9+
10+Using Vagrant
11+=============
12+
13+Make sure ansible doesn't need to supply a password to ssh into the vm
14+::
15+
16+ ssh-add ~/.vagrant.d/insecure_private_key
17+
18+Create the new vm
19+::
20+
21+ vagrant up
22+
23+The previous step can sometimes fail to fully provision the vm, in which case just
24+re-run the provisioning step
25+::
26+
27+ vagrant provision
28+
29+Finally, deploy the application
30+::
31+
32+ ansible-playbook -i ansible/hosts ansible/deploy/webserver.yml -u vagrant
33
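Review bot: The `ssh-add ~/.vagrant.d/insecure_private_key` step in the new "Using Vagrant" section loads Vagrant's shared insecure key into the developer's SSH agent, where it stays after the VM work is done and is offered to other hosts the agent talks to. Suggest passing the key only to the command that needs it, for example `--private-key ~/.vagrant.d/insecure_private_key` on the `ansible-playbook` line, and stating in the README that this key is for the local VM only. The remark that `vagrant up` "can sometimes fail to fully provision" would also be more useful with the known cause next to it.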
34=== added file 'Vagrantfile'
35--- Vagrantfile 1970-01-01 00:00:00 +0000
36+++ Vagrantfile 2013-08-19 19:23:44 +0000
37@@ -0,0 +1,26 @@
38+# -*- mode: ruby -*-
39+# vi: set ft=ruby :
40+
41+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
42+VAGRANTFILE_API_VERSION = "2"
43+
44+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
45+ config.vm.box = "precise64"
46+ config.vm.box_url = "http://files.vagrantup.com/precise64.box"
47+
48+ config.vm.network :forwarded_port, guest: 80, host: 42080
49+ config.vm.network :forwarded_port, guest: 5432, host: 47432
50+ config.vm.network :private_network, ip: "192.168.33.10"
51+
52+ # If true, then any SSH connections made will enable agent forwarding.
53+ # Default value: false
54+ # config.ssh.forward_agent = true
55+
56+ config.vm.provision :ansible do |ansible|
57+ ansible.playbook = "ansible/provision/site.yml"
58+ ansible.inventory_file = "ansible/hosts"
59+ ansible.hosts = "all"
60+ ansible.verbose = true
61+ end
62+
63+end
64
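Review bot: `config.vm.box_url = "http://files.vagrantup.com/precise64.box"` fetches the base image over plain HTTP and nothing in the file verifies it, so everything provisioned afterwards trusts an unauthenticated download. Suggest an HTTPS URL if the host offers one, or documenting a checksum to verify against. Separately, is the `guest: 5432, host: 47432` forward needed? The private network address 192.168.33.10 already reaches PostgreSQL from the host, and the forward publishes a database whose password is set to `locolander` in the playbooks.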
65=== added directory 'ansible'
66=== added directory 'ansible/deploy'
67=== added directory 'ansible/deploy/templates'
68=== added file 'ansible/deploy/templates/production.py'
69--- ansible/deploy/templates/production.py 1970-01-01 00:00:00 +0000
70+++ ansible/deploy/templates/production.py 2013-08-19 19:23:44 +0000
71@@ -0,0 +1,201 @@
72+# Django settings for locolander project.
73+
74+import os
75+
76+PROJECT_DIR = os.path.abspath(os.path.dirname(__file__))
77+
78+DEBUG = False
79+TEMPLATE_DEBUG = DEBUG
80+
81+ADMINS = (
82+ # ('Your Name', 'your_email@example.com'),
83+)
84+
85+MANAGERS = ADMINS
86+
87+DATABASES = {
88+ 'default': {
89+ 'ENGINE': 'django.db.backends.postgresql_psycopg2',
90+ 'NAME': '{{ database_name }}',
91+ # The following settings are not used with sqlite3:
92+ 'USER': '{{ database_user }}',
93+ 'PASSWORD': '{{ database_password }}',
94+ 'HOST': '{{ database_host }}',
95+ 'PORT': '{{ database_port }}',
96+ }
97+}
98+
99+# Hosts/domain names that are valid for this site; required if DEBUG is False
100+# See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts
101+ALLOWED_HOSTS = ['{{ project_fqdn }}']
102+
103+# Local time zone for this installation. Choices can be found here:
104+# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
105+# although not all choices may be available on all operating systems.
106+# In a Windows environment this must be set to your system time zone.
107+TIME_ZONE = 'UTC'
108+
109+# Language code for this installation. All choices can be found here:
110+# http://www.i18nguy.com/unicode/language-identifiers.html
111+LANGUAGE_CODE = 'en-us'
112+
113+SITE_ID = 1
114+
115+# If you set this to False, Django will make some optimizations so as not
116+# to load the internationalization machinery.
117+USE_I18N = True
118+
119+# If you set this to False, Django will not format dates, numbers and
120+# calendars according to the current locale.
121+USE_L10N = True
122+
123+# If you set this to False, Django will not use timezone-aware datetimes.
124+USE_TZ = False
125+
126+# Absolute filesystem path to the directory that will hold user-uploaded files.
127+# Example: "/var/www/example.com/media/"
128+MEDIA_ROOT = ''
129+
130+# URL that handles the media served from MEDIA_ROOT. Make sure to use a
131+# trailing slash.
132+# Examples: "http://example.com/media/", "http://media.example.com/"
133+MEDIA_URL = ''
134+
135+# Absolute path to the directory static files should be collected to.
136+# Don't put anything in this directory yourself; store your static files
137+# in apps' "static/" subdirectories and in STATICFILES_DIRS.
138+# Example: "/var/www/example.com/static/"
139+STATIC_ROOT = '{{ project_root }}/static/'
140+
141+# URL prefix for static files.
142+# Example: "http://example.com/static/", "http://static.example.com/"
143+STATIC_URL = '/static/'
144+
145+# Additional locations of static files
146+STATICFILES_DIRS = (
147+ # Put strings here, like "/home/html/static" or "C:/www/django/static".
148+ # Always use forward slashes, even on Windows.
149+ # Don't forget to use absolute paths, not relative paths.
150+)
151+
152+# List of finder classes that know how to find static files in
153+# various locations.
154+STATICFILES_FINDERS = (
155+ 'django.contrib.staticfiles.finders.FileSystemFinder',
156+ 'django.contrib.staticfiles.finders.AppDirectoriesFinder',
157+ #'django.contrib.staticfiles.finders.DefaultStorageFinder',
158+)
159+
160+# Make this unique, and don't share it with anybody.
161+SECRET_KEY = 'n%*du-f&v!=yilqnq7p45v!tbegoh5p)-16ns89kq1+r5afg^b'
162+
163+# List of callables that know how to import templates from various sources.
164+TEMPLATE_LOADERS = (
165+ 'django.template.loaders.filesystem.Loader',
166+ 'django.template.loaders.app_directories.Loader',
167+ #'django.template.loaders.eggs.Loader',
168+)
169+
170+MIDDLEWARE_CLASSES = (
171+ 'django.middleware.common.CommonMiddleware',
172+ 'django.contrib.sessions.middleware.SessionMiddleware',
173+ 'django.middleware.csrf.CsrfViewMiddleware',
174+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
175+ 'django.contrib.messages.middleware.MessageMiddleware',
176+ # Uncomment the next line for simple clickjacking protection:
177+ # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
178+)
179+
180+ROOT_URLCONF = 'locolander.urls'
181+
182+# Python dotted path to the WSGI application used by Django's runserver.
183+WSGI_APPLICATION = 'locolander.wsgi.application'
184+
185+TEMPLATE_DIRS = (
186+ # Put strings here, like "/home/html/django_templates"
187+ # or "C:/www/django/templates".
188+ # Always use forward slashes, even on Windows.
189+ # Don't forget to use absolute paths, not relative paths.
190+)
191+
192+INSTALLED_APPS = (
193+ 'django.contrib.auth',
194+ 'django.contrib.contenttypes',
195+ 'django.contrib.sessions',
196+ 'django.contrib.sites',
197+ 'django.contrib.messages',
198+ 'django.contrib.staticfiles',
199+ 'django.contrib.admin',
200+ 'djcelery',
201+ 'locolanderweb',
202+ 'south',
203+ 'allauth',
204+ 'allauth.account',
205+ 'allauth.socialaccount',
206+ # ... include the providers you want to enable:
207+ #'allauth.socialaccount.providers.bitly',
208+ #'allauth.socialaccount.providers.facebook',
209+ 'allauth.socialaccount.providers.github',
210+ 'allauth.socialaccount.providers.google',
211+ #'allauth.socialaccount.providers.linkedin',
212+ #'allauth.socialaccount.providers.openid',
213+ 'allauth.socialaccount.providers.twitter',
214+)
215+
216+AUTHENTICATION_BACKENDS = (
217+ # Needed to login by username in Django admin, regardless of `allauth`
218+ "django.contrib.auth.backends.ModelBackend",
219+ # `allauth` specific authentication methods, such as login by e-mail
220+ "allauth.account.auth_backends.AuthenticationBackend",
221+)
222+
223+TEMPLATE_CONTEXT_PROCESSORS = (
224+ 'django.contrib.auth.context_processors.auth',
225+ 'django.core.context_processors.debug',
226+ 'django.core.context_processors.i18n',
227+ 'django.core.context_processors.media',
228+ 'django.core.context_processors.request',
229+ 'django.core.context_processors.static',
230+ 'django.core.context_processors.tz',
231+ 'django.contrib.messages.context_processors.messages',
232+ 'allauth.account.context_processors.account',
233+ 'allauth.socialaccount.context_processors.socialaccount',
234+)
235+
236+# A sample logging configuration. The only tangible logging
237+# performed by this configuration is to send an email to
238+# the site admins on every HTTP 500 error when DEBUG=False.
239+# See http://docs.djangoproject.com/en/dev/topics/logging for
240+# more details on how to customize your logging configuration.
241+LOGGING = {
242+ 'version': 1,
243+ 'disable_existing_loggers': False,
244+ 'filters': {
245+ 'require_debug_false': {
246+ '()': 'django.utils.log.RequireDebugFalse'
247+ }
248+ },
249+ 'handlers': {
250+ 'mail_admins': {
251+ 'level': 'ERROR',
252+ 'filters': ['require_debug_false'],
253+ 'class': 'django.utils.log.AdminEmailHandler'
254+ }
255+ },
256+ 'loggers': {
257+ 'django.request': {
258+ 'handlers': ['mail_admins'],
259+ 'level': 'ERROR',
260+ 'propagate': True,
261+ },
262+ }
263+}
264+
265+# settings for celery/redis
266+import djcelery
267+djcelery.setup_loader()
268+
269+BROKER_URL = 'redis://localhost:6379/0'
270+
271+LOGIN_URL = '/accounts/login/'
272+LOGIN_REDIRECT_URL = '/'
273
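Review bot: `SECRET_KEY` is a literal in a template named production.py, directly under the comment "Make this unique, and don't share it with anybody", so every deployment made from this branch shares one key that anyone who can read the branch also has. The database settings above it are already Jinja variables; do the same here, for example `SECRET_KEY = '{{ secret_key }}'` with the value supplied per environment and kept out of version control. While here, the `XFrameOptionsMiddleware` line in `MIDDLEWARE_CLASSES` is still commented out; a production settings file is a good place to enable it.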
274=== added file 'ansible/deploy/webserver.yml'
275--- ansible/deploy/webserver.yml 1970-01-01 00:00:00 +0000
276+++ ansible/deploy/webserver.yml 2013-08-19 19:23:44 +0000
277@@ -0,0 +1,67 @@
278+---
279+- hosts: webservers
280+ sudo: true
281+
282+ vars:
283+ project_branch: lp:locolander
284+ project_revno: head
285+ project_name: locolander
286+ project_fqdn: ${inventory_hostname}
287+ project_user: locolander
288+ project_root: /srv/${project_name}
289+ database_name: locolander
290+ database_user: locolander
291+ database_password: locolander
292+ database_host: 192.168.33.10
293+ database_port: 5432
294+
295+ tasks:
296+ - name: Deploy code from repository.
297+ bzr: name=${project_branch} dest=${project_root}/code/${project_revno} force=yes version=${project_revno}
298+ sudo_user: ${project_user}
299+
300+ - name: Get current symlink target
301+ command: bzr revno ${project_root}/code/current
302+ register: current_revno
303+ ignore_errors: true
304+
305+ - name: Switch previous symlink
306+ file: owner=${project_user} path=${project_root}/code/last src=${project_root}/code/${current_revno.stdout} state=link
307+ when: current_revno.rc == 0
308+ sudo_user: ${project_user}
309+
310+ - name: Switch current symlink
311+ file: owner=${project_user} path=${project_root}/code/current src=${project_root}/code/${project_revno} state=link
312+ sudo_user: ${project_user}
313+
314+ - name: Install dependencies into virtualenv.
315+ action: pip requirements=${project_root}/code/current/requirements.txt virtualenv=${project_root}/env state=present
316+ sudo_user: ${project_user}
317+
318+ - name: Update settings file.
319+ template: src=templates/production.py dest=${project_root}/config/production.py owner=${project_user} group=${project_user}
320+
321+ - name: Sync database.
322+ django_manage: command=syncdb app_path=${project_root}/code/current/${project_name} virtualenv=${project_root}/env pythonpath=${project_root}/config settings=production
323+ sudo_user: ${project_user}
324+
325+ - name: Run schema migrations.
326+ django_manage: command=migrate app_path=${project_root}/code/current/${project_name} virtualenv=${project_root}/env pythonpath=${project_root}/config settings=production
327+ sudo_user: ${project_user}
328+
329+ - name: Collect static media.
330+ django_manage: command=collectstatic app_path=${project_root}/code/current/${project_name} virtualenv=${project_root}/env pythonpath=${project_root}/config settings=production
331+ sudo_user: ${project_user}
332+
333+ - name: Restart appserver.
334+ command: echo "Restarting appserver"
335+ notify:
336+ - restart gunicorn
337+ - restart celery
338+
339+ handlers:
340+ - name: restart gunicorn
341+ supervisorctl: name=${project_name}-gunicorn state=restarted
342+
343+ - name: restart celery
344+ supervisorctl: name=${project_name}-celeryd state=restarted
345
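Review bot: The "Update settings file." task renders production.py, which holds the database password and SECRET_KEY, with `owner` and `group` but no `mode`, so its permissions are left to the default; add `mode=0640` or tighter. `database_password: locolander` in `vars` also commits the credential, and the same value is repeated in ansible/provision/dbserver.yml; one variable supplied from outside the branch would cover both. On the symlink logic: with the default `project_revno: head` the checkout goes to `code/head`, but "Switch previous symlink" points `last` at `code/${current_revno.stdout}`, a numeric directory that this playbook never creates in that case.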
346=== added file 'ansible/hosts'
347--- ansible/hosts 1970-01-01 00:00:00 +0000
348+++ ansible/hosts 2013-08-19 19:23:44 +0000
349@@ -0,0 +1,5 @@
350+[dbservers]
351+192.168.33.10
352+
353+[webservers]
354+192.168.33.10
355
356=== added directory 'ansible/provision'
357=== added file 'ansible/provision/dbserver.yml'
358--- ansible/provision/dbserver.yml 1970-01-01 00:00:00 +0000
359+++ ansible/provision/dbserver.yml 2013-08-19 19:23:44 +0000
360@@ -0,0 +1,40 @@
361+---
362+- hosts: dbservers
363+ sudo: true
364+ gather_facts: no
365+
366+ vars:
367+ database_name: locolander
368+ database_user: locolander
369+ database_password: locolander
370+ database_host: ${inventory_hostname}
371+ database_port: 5432
372+
373+ tasks:
374+ - name: Install PostgreSQL server.
375+ apt: pkg=${item} state=installed update-cache=yes
376+ with_items:
377+ - postgresql
378+ - python-psycopg2
379+
380+ - name: Install postgresql.conf configuration file.
381+ action: template src=templates/postgresql/postgresql.conf dest=/etc/postgresql/9.1/main/postgresql.conf
382+ notify:
383+ - restart postgresql
384+
385+ - name: Install pg_hba.conf configuration file.
386+ action: template src=templates/postgresql/pg_hba.conf dest=/etc/postgresql/9.1/main/pg_hba.conf
387+ notify:
388+ - restart postgresql
389+
390+ - name: Create database user.
391+ postgresql_user: name=${database_user} password=${database_password} state=present
392+ sudo_user: postgres
393+
394+ - name: Create database.
395+ postgresql_db: name=${database_name} state=present
396+ sudo_user: postgres
397+
398+ handlers:
399+ - name: restart postgresql
400+ action: service name=postgresql state=restarted
401
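Review bot: `database_password: locolander` in `vars` sets the password equal to the user name and commits it, and the same database values are duplicated in ansible/deploy/webserver.yml, so the two playbooks can drift apart. Suggest defining them once (group_vars, or an extra-vars file kept out of the branch) and requiring the password to be supplied. Also, "Create database." has no `owner=`, so the database is created owned by `postgres` rather than `${database_user}`; if the application role is meant to own it, add `owner=${database_user}`.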
402=== added directory 'ansible/provision/files'
403=== added directory 'ansible/provision/files/docker'
404=== added file 'ansible/provision/files/docker/authentication.conf'
405--- ansible/provision/files/docker/authentication.conf 1970-01-01 00:00:00 +0000
406+++ ansible/provision/files/docker/authentication.conf 2013-08-19 19:23:44 +0000
407@@ -0,0 +1,4 @@
408+[Launchpad]
409+host = .launchpad.net
410+scheme = ssh
411+user = locolander
412
413=== added file 'ansible/provision/files/docker/bazaar.conf'
414--- ansible/provision/files/docker/bazaar.conf 1970-01-01 00:00:00 +0000
415+++ ansible/provision/files/docker/bazaar.conf 2013-08-19 19:23:44 +0000
416@@ -0,0 +1,3 @@
417+[DEFAULT]
418+email = "Loco Lander"
419+launchpad_username = locolander
420
421=== added file 'ansible/provision/site.yml'
422--- ansible/provision/site.yml 1970-01-01 00:00:00 +0000
423+++ ansible/provision/site.yml 2013-08-19 19:23:44 +0000
424@@ -0,0 +1,3 @@
425+---
426+- include: dbserver.yml
427+- include: webserver.yml
428
429=== added directory 'ansible/provision/templates'
430=== added directory 'ansible/provision/templates/docker'
431=== added file 'ansible/provision/templates/docker/95proxies'
432--- ansible/provision/templates/docker/95proxies 1970-01-01 00:00:00 +0000
433+++ ansible/provision/templates/docker/95proxies 2013-08-19 19:23:44 +0000
434@@ -0,0 +1,3 @@
435+Acquire::http::proxy "http://{{ ansible_docker0["ipv4"]["address"] }}:3128/";
436+Acquire::ftp::proxy "ftp://{{ ansible_docker0["ipv4"]["address"] }}:3128/";
437+Acquire::https::proxy "https://{{ ansible_docker0["ipv4"]["address"] }}:3128/";
438
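Review bot: The `Acquire::https::proxy` line gives the proxy an `https://` URL, which tells apt to speak TLS to the proxy itself, but squid.conf in this branch opens port 3128 with plain `http_port` lines and the environment template uses `http://` for `https_proxy`. The scheme here should be `http://` as well; the same applies to the `ftp://` URL on the `Acquire::ftp::proxy` line.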
439=== added file 'ansible/provision/templates/docker/Dockerfile'
440--- ansible/provision/templates/docker/Dockerfile 1970-01-01 00:00:00 +0000
441+++ ansible/provision/templates/docker/Dockerfile 2013-08-19 19:23:44 +0000
442@@ -0,0 +1,33 @@
443+from ubuntu:precise
444+env http_proxy http://{{ ansible_docker0["ipv4"]["address"] }}:3128
445+
446+# enable universe repo
447+run apt-get -y update
448+run apt-get -y install python-software-properties
449+run add-apt-repository "deb http://archive.ubuntu.com/ubuntu precise main universe"
450+run apt-get -y update
451+
452+# install base tools
453+run apt-get -y install python-pip
454+run apt-get -y install bzr
455+
456+# upgrade system
457+run apt-get -y upgrade
458+
459+# add pip cache
460+run mkdir -p /var/cache/{{ project_user }}/pip
461+
462+# configure proxy
463+add ./environment /etc/environment
464+add ./95proxies /etc/apt/apt.conf.d/95proxies
465+
466+# add {{ project_user }} user
467+run useradd -m {{ project_user }}
468+
469+# configure bazaar
470+run mkdir /home/{{ project_user }}/.bazaar
471+add ./bazaar.conf /home/{{ project_user }}/.bazaar/bazaar.conf
472+add ./authentication.conf /home/{{ project_user }}/.bazaar/authentication.conf
473+
474+# ensure proper ownership
475+run chown -R {{ project_user }}.{{ project_user }} /home/{{ project_user }}/
476
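Review bot: `run mkdir -p /var/cache/{{ project_user }}/pip` runs before `useradd`, and the final `chown -R` only covers `/home/{{ project_user }}/`, so the pip cache directory stays owned by root and the project user cannot write to it. Move the mkdir after the user is created and chown that directory too. Minor: `chown` with the `user.group` separator is the legacy form; `{{ project_user }}:{{ project_user }}` is the documented one.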
477=== added file 'ansible/provision/templates/docker/environment'
478--- ansible/provision/templates/docker/environment 1970-01-01 00:00:00 +0000
479+++ ansible/provision/templates/docker/environment 2013-08-19 19:23:44 +0000
480@@ -0,0 +1,10 @@
481+PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
482+
483+http_proxy=http://{{ ansible_docker0["ipv4"]["address"] }}:3128/
484+https_proxy=http://{{ ansible_docker0["ipv4"]["address"] }}:3128/
485+ftp_proxy=http://{{ ansible_docker0["ipv4"]["address"] }}:3128/
486+no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
487+HTTP_PROXY=http://{{ ansible_docker0["ipv4"]["address"] }}:3128/
488+HTTPS_PROXY=http://{{ ansible_docker0["ipv4"]["address"] }}:3128/
489+FTP_PROXY=http://{{ ansible_docker0["ipv4"]["address"] }}:3128/
490+NO_PROXY="localhost,127.0.0.1,localaddress,.localdomain.com"
491
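Review bot: The `no_proxy` and `NO_PROXY` values still carry the placeholder entries `localaddress` and `.localdomain.com` from a stock example. Replace them with hosts this image actually needs to reach directly, or trim the list to `localhost,127.0.0.1`.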
492=== added directory 'ansible/provision/templates/nginx'
493=== added file 'ansible/provision/templates/nginx/nginx.conf'
494--- ansible/provision/templates/nginx/nginx.conf 1970-01-01 00:00:00 +0000
495+++ ansible/provision/templates/nginx/nginx.conf 2013-08-19 19:23:44 +0000
496@@ -0,0 +1,25 @@
497+server {
498+ listen 80;
499+ server_name {{ project_fqdn }};
500+ access_log /var/log/nginx/{{ project_name }}.access.log;
501+ error_log /var/log/nginx/{{ project_name }}.error.log;
502+ root {{ project_root }}/static/;
503+
504+ location /static/ {
505+ alias {{ project_root }}/static/;
506+ expires 1y;
507+ add_header Cache-Control "public";
508+ }
509+
510+ location / {
511+ proxy_pass_header Server;
512+ proxy_set_header Host $http_host;
513+ proxy_redirect off;
514+ proxy_set_header X-Real-IP $remote_addr;
515+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
516+ proxy_set_header X-Scheme $scheme;
517+ proxy_connect_timeout 10;
518+ proxy_read_timeout 10;
519+ proxy_pass http://localhost:8000/;
520+ }
521+}
522
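Review bot: In `location /`, `proxy_pass_header Server;` forwards the backend's `Server` header to clients, which advertises the gunicorn banner from behind nginx; unless something depends on it, drop the line. The server block also has only `listen 80;` while the settings template enables account login through allauth, so credentials and session cookies would travel unencrypted on anything other than the local VM; worth a comment, or a TLS server block, before this template is used for a real host.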
523=== added directory 'ansible/provision/templates/postgresql'
524=== added file 'ansible/provision/templates/postgresql/pg_hba.conf'
525--- ansible/provision/templates/postgresql/pg_hba.conf 1970-01-01 00:00:00 +0000
526+++ ansible/provision/templates/postgresql/pg_hba.conf 2013-08-19 19:23:44 +0000
527@@ -0,0 +1,35 @@
528+# Put your actual configuration here
529+# ----------------------------------
530+#
531+# If you want to allow non-local connections, you need to add more
532+# "host" records. In that case you will also need to make PostgreSQL
533+# listen on a non-local interface via the listen_addresses
534+# configuration parameter, or via the -i or -h command line switches.
535+
536+# IPv4 network connections:
537+host all all {{ database_host }}/24 md5
538+
539+
540+# DO NOT DISABLE!
541+# If you change this first entry you will need to make sure that the
542+# database superuser can access the database using some other method.
543+# Noninteractive access to all databases is required during automatic
544+# maintenance (custom daily cronjobs, replication, and similar tasks).
545+#
546+# Database administrative login by Unix domain socket
547+local all postgres peer
548+
549+# TYPE DATABASE USER ADDRESS METHOD
550+
551+# "local" is for Unix domain socket connections only
552+local all all peer
553+# IPv4 local connections:
554+host all all 127.0.0.1/32 md5
555+# IPv6 local connections:
556+host all all ::1/128 md5
557+# Allow replication connections from localhost, by a user with the
558+# replication privilege.
559+#local replication postgres peer
560+#host replication postgres 127.0.0.1/32 md5
561+#host replication postgres ::1/128 md5
562+
563
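Review bot: `host all all {{ database_host }}/24 md5` takes the database server's own address as the base of a /24 and lets every host in that range authenticate as any user to any database. Narrow it to what the application needs: the `{{ database_name }}` database, the `{{ database_user }}` role, and the web server's address with a /32 mask. Since postgresql.conf in this branch sets `ssl = true`, using `hostssl` instead of `host` would also require TLS for those connections.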
564=== added file 'ansible/provision/templates/postgresql/postgresql.conf'
565--- ansible/provision/templates/postgresql/postgresql.conf 1970-01-01 00:00:00 +0000
566+++ ansible/provision/templates/postgresql/postgresql.conf 2013-08-19 19:23:44 +0000
567@@ -0,0 +1,96 @@
568+
569+#------------------------------------------------------------------------------
570+# FILE LOCATIONS
571+#------------------------------------------------------------------------------
572+
573+# The default values of these variables are driven from the -D command-line
574+# option or PGDATA environment variable, represented here as ConfigDir.
575+
576+data_directory = '/var/lib/postgresql/9.1/main' # use data in another directory
577+ # (change requires restart)
578+hba_file = '/etc/postgresql/9.1/main/pg_hba.conf' # host-based authentication file
579+ # (change requires restart)
580+ident_file = '/etc/postgresql/9.1/main/pg_ident.conf' # ident configuration file
581+ # (change requires restart)
582+
583+# If external_pid_file is not explicitly set, no extra PID file is written.
584+external_pid_file = '/var/run/postgresql/9.1-main.pid' # write an extra PID file
585+ # (change requires restart)
586+
587+
588+#------------------------------------------------------------------------------
589+# CONNECTIONS AND AUTHENTICATION
590+#------------------------------------------------------------------------------
591+
592+# - Connection Settings -
593+
594+listen_addresses = 'localhost, {{ database_host }}'
595+ # what IP address(es) to listen on;
596+ # comma-separated list of addresses;
597+ # defaults to 'localhost', '*' = all
598+ # (change requires restart)
599+port = {{ database_port }} # (change requires restart)
600+max_connections = 100 # (change requires restart)
601+unix_socket_directory = '/var/run/postgresql' # (change requires restart)
602+
603+# - Security and Authentication -
604+
605+ssl = true # (change requires restart)
606+
607+
608+#------------------------------------------------------------------------------
609+# RESOURCE USAGE (except WAL)
610+#------------------------------------------------------------------------------
611+
612+# - Memory -
613+
614+shared_buffers = 24MB # min 128kB
615+ # (change requires restart)
616+
617+
618+#------------------------------------------------------------------------------
619+# ERROR REPORTING AND LOGGING
620+#------------------------------------------------------------------------------
621+
622+# - What to Log -
623+
624+log_line_prefix = '%t ' # special values:
625+ # %a = application name
626+ # %u = user name
627+ # %d = database name
628+ # %r = remote host and port
629+ # %h = remote host
630+ # %p = process ID
631+ # %t = timestamp without milliseconds
632+ # %m = timestamp with milliseconds
633+ # %i = command tag
634+ # %e = SQL state
635+ # %c = session ID
636+ # %l = session line number
637+ # %s = session start timestamp
638+ # %v = virtual transaction ID
639+ # %x = transaction ID (0 if none)
640+ # %q = stop here in non-session
641+ # processes
642+ # %% = '%'
643+ # e.g. '<%u%%%d> '
644+
645+
646+#------------------------------------------------------------------------------
647+# CLIENT CONNECTION DEFAULTS
648+#------------------------------------------------------------------------------
649+
650+# - Locale and Formatting -
651+
652+datestyle = 'iso, mdy'
653+
654+# These settings are initialized by initdb, but they can be changed.
655+lc_messages = 'en_US' # locale for system error message
656+ # strings
657+lc_monetary = 'en_US' # locale for monetary formatting
658+lc_numeric = 'en_US' # locale for number formatting
659+lc_time = 'en_US' # locale for time formatting
660+
661+# default configuration for text search
662+default_text_search_config = 'pg_catalog.english'
663+
664
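Review bot: `log_line_prefix = '%t '` records only a timestamp, although this template makes the server listen on `{{ database_host }}` as well as localhost. Adding `%u`, `%d` and `%h` (all listed in the comment block next to the setting) would let the log show which role connected to which database and from where. The template has no connection logging setting either; consider `log_connections = on`.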
665=== added directory 'ansible/provision/templates/squid'
666=== added file 'ansible/provision/templates/squid/squid.conf'
667--- ansible/provision/templates/squid/squid.conf 1970-01-01 00:00:00 +0000
668+++ ansible/provision/templates/squid/squid.conf 2013-08-19 19:23:44 +0000
669@@ -0,0 +1,84 @@
670+#
671+# Recommended minimum configuration:
672+#
673+
674+# Example rule allowing access from your local networks.
675+# Adapt to list your (internal) IP networks from where browsing
676+# should be allowed
677+acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
678+acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
679+acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
680+acl localnet src fc00::/7 # RFC 4193 local private network range
681+acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
682+acl localnet src {{ ansible_docker0["ipv4"]["network"] }}/12
683+
684+acl SSL_ports port 443
685+acl Safe_ports port 80 # http
686+acl Safe_ports port 21 # ftp
687+acl Safe_ports port 443 # https
688+acl Safe_ports port 70 # gopher
689+acl Safe_ports port 210 # wais
690+acl Safe_ports port 1025-65535 # unregistered ports
691+acl Safe_ports port 280 # http-mgmt
692+acl Safe_ports port 488 # gss-http
693+acl Safe_ports port 591 # filemaker
694+acl Safe_ports port 777 # multiling http
695+acl CONNECT method CONNECT
696+
697+#
698+# Recommended minimum Access Permission configuration:
699+#
700+# Deny requests to certain unsafe ports
701+http_access deny !Safe_ports
702+
703+# Deny CONNECT to other than secure SSL ports
704+http_access deny CONNECT !SSL_ports
705+
706+#
707+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
708+#
709+
710+#### Docker
711+# use proper cache sizes
712+maximum_object_size_in_memory 8192 KB
713+maximum_object_size 200000 KB
714+
715+# disable caching (temporarily), just proxy for now
716+cache deny all
717+
718+# enable access logs
719+access_log /var/log/squid3/access.log squid
720+
721+# cache everything for 24-72h
722+refresh_pattern . 1440 20% 4320 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth
723+####
724+
725+
726+# Example rule allowing access from your local networks.
727+# Adapt localnet in the ACL section to list your (internal) IP networks
728+# from where browsing should be allowed
729+http_access allow localnet
730+
731+# And finally deny all other access to this proxy
732+http_access deny all
733+
734+# Squid normally listens to port 3128
735+http_port 127.0.0.1:3128
736+http_port 10.0.3.1:3128
737+http_port {{ ansible_docker0["ipv4"]["address"] }}:3128
738+
739+# Uncomment and adjust the following to add a disk cache directory.
740+# 2048 MB in 16/256 levels (defaut)
741+cache_dir ufs /var/spool/squid3 2048 16 256
742+
743+
744+# Leave coredumps in the first cache dir
745+coredump_dir /var/spool/squid3
746+
747+#
748+# Add any of your own refresh_pattern entries above these.
749+#
750+refresh_pattern ^ftp: 1440 20% 10080
751+refresh_pattern ^gopher: 1440 0% 1440
752+refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
753+refresh_pattern . 0 20% 4320
754
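Review bot: `http_access allow localnet` admits every address covered by the stock RFC1918 `acl localnet` entries, not just the Docker containers this proxy is set up for, and the templated entry `acl localnet src {{ ansible_docker0["ipv4"]["network"] }}/12` pairs the docker0 network address with a fixed /12 instead of the interface's own netmask. Suggest a dedicated acl built from `ansible_docker0["ipv4"]["network"]` and `ansible_docker0["ipv4"]["netmask"]`, allowed on its own, with the generic private ranges removed. Two smaller points: `http_port 10.0.3.1:3128` is a hard-coded address that nothing else in this branch defines, and in the Docker block the comment "cache everything for 24-72h" sits under `cache deny all`, with a catch-all `refresh_pattern .` placed ahead of the specific patterns at the end of the file.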
755=== added directory 'ansible/provision/templates/supervisor'
756=== added file 'ansible/provision/templates/supervisor/supervisor.conf'
757--- ansible/provision/templates/supervisor/supervisor.conf 1970-01-01 00:00:00 +0000
758+++ ansible/provision/templates/supervisor/supervisor.conf 2013-08-19 19:23:44 +0000
759@@ -0,0 +1,27 @@
760+[program:{{ project_name }}-gunicorn]
761+command = {{ project_root }}/env/bin/gunicorn {{ project_name }}.wsgi:application
762+directory = {{ project_root }}/code/current/{{ project_name }}
763+user = {{ project_user }}
764+environment = DJANGO_SETTINGS_MODULE=production,PYTHONPATH="{{ project_root }}/config:{{ project_root }}/code/current/{{ project_name }}"
765+autostart = false
766+autorestart = true
767+stdout_logfile = /var/log/{{ project_name }}.log
768+redirect_stderr = true
769+
770+[program:{{ project_name }}-celeryd]
771+command = {{ project_root }}/env/bin/python {{ project_root }}/code/current/{{ project_name }}/manage.py celeryd
772+user = {{ project_user }}
773+environment = HOME="/home/{{ project_user }}",USER={{ project_user }},DJANGO_SETTINGS_MODULE=production,PYTHONPATH="{{ project_root }}/config:{{ project_root }}/code/current/{{ project_name }}"
774+autostart = false
775+autorestart = true
776+stdout_logfile = /var/log/{{ project_name }}.log
777+redirect_stderr = true
778+
779+[program:{{ project_name }}-flower]
780+command = {{ project_root }}/env/bin/python {{ project_root }}/code/current/{{ project_name }}/manage.py celery flower
781+user = {{ project_user }}
782+environment = DJANGO_SETTINGS_MODULE=production,PYTHONPATH="{{ project_root }}/config:{{ project_root }}/code/current/{{ project_name }}"
783+autostart = false
784+autorestart = true
785+stdout_logfile = /var/log/{{ project_name }}.log
786+redirect_stderr = true
787
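Review bot: All three programs set `stdout_logfile = /var/log/{{ project_name }}.log`, so gunicorn, celeryd and flower write to and rotate the same file from separate supervisor children; give each program its own file, for example `/var/log/{{ project_name }}-gunicorn.log`. Also, `autostart = false` on every program means nothing comes back after a reboot until the deploy playbook runs, and the `-flower` program is not started by any handler in ansible/deploy/webserver.yml. If flower is meant to run, say where it listens and who may reach it.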
788=== added file 'ansible/provision/webserver.yml'
789--- ansible/provision/webserver.yml 1970-01-01 00:00:00 +0000
790+++ ansible/provision/webserver.yml 2013-08-19 19:23:44 +0000
791@@ -0,0 +1,128 @@
792+---
793+- hosts: webservers
794+ sudo: true
795+
796+ vars:
797+ project_name: locolander
798+ project_user: locolander
799+ project_fqdn: ${inventory_hostname}
800+ project_root: /srv/locolander
801+
802+ tasks:
803+ # system packages
804+
805+ - name: Install requirements for adding repositories.
806+ apt: pkg=python-software-properties state=installed update-cache=yes
807+
808+ - name: Add required repositories.
809+ apt_repository: repo=ppa:dotcloud/lxc-docker state=present
810+
811+ - name: Install required packages.
812+ apt: pkg=$item state=installed update-cache=yes
813+ with_items:
814+ - squid
815+ - nginx
816+ - supervisor
817+ - redis-server
818+ - bzr
819+ - python
820+ - python-virtualenv
821+ - python-pip
822+ - libpq-dev
823+ - python-dev
824+ - libxml2-dev
825+ - libxslt1-dev
826+ - lxc-docker
827+
828+ # squid
829+
830+ - name: Install squid configuration file.
831+ template: src=templates/squid/squid.conf dest=/etc/squid3/squid.conf
832+ notify: restart squid
833+
834+ - name: Enable and start squid service.
835+ service: name=squid3 state=started enabled=yes
836+
837+ # redis
838+
839+ - name: Enable and start redis service.
840+ service: name=redis-server state=started enabled=yes
841+
842+ # nginx
843+
844+ - name: Install nginx configuration file.
845+ template: src=templates/nginx/nginx.conf dest=/etc/nginx/sites-available/${project_name}
846+ notify: restart nginx
847+
848+ - name: Disable default nginx site.
849+ file: path=/etc/nginx/sites-enabled/default state=absent
850+ notify: restart nginx
851+
852+ - name: Enable nginx configuration for project.
853+ file: state=link src=/etc/nginx/sites-available/${project_name} path=/etc/nginx/sites-enabled/${project_name}
854+ notify: restart nginx
855+
856+ - name: Enable and start nginx service.
857+ service: name=nginx state=started enabled=yes
858+
859+ # supervisor
860+
861+ - name: Install supervisor config files.
862+ template: src=templates/supervisor/supervisor.conf dest=/etc/supervisor/conf.d/${project_name}.conf
863+ notify: restart supervisor
864+
865+ - name: Enable and start supervisord service.
866+ service: name=supervisor state=started enabled=yes
867+
868+ # docker
869+
870+ - name: Allow sudo access to docker for locolander user.
871+ lineinfile: dest=/etc/sudoers state=present regexp='^locolander' line='locolander ALL=(ALL) NOPASSWD:/usr/bin/docker'
872+
873+ - name: Enable and start docker service.
874+ service: name=docker state=started enabled=yes
875+
876+ - name: Create folder for docker image configuration files.
877+ file: path=${project_root}/docker state=directory
878+
879+ - name: Copy bazaar configuration files.
880+ copy: src=files/docker/${item} dest=${project_root}/docker
881+ with_items:
882+ - bazaar.conf
883+ - authentication.conf
884+ notify: build docker base image
885+
886+ - name: Install docker configuration files.
887+ template: src=templates/docker/${item} dest=${project_root}/docker
888+ with_items:
889+ - 95proxies
890+ - environment
891+ - Dockerfile
892+ notify: build docker base image
893+
894+ # project structure
895+
896+ - name: Create project user.
897+ user: name=${project_user} state=present
898+
899+ - name: Create project root.
900+ file: state=directory path=${project_root} owner=${project_user} group=${project_user}
901+
902+ - name: Create project static folder.
903+ file: state=directory path=${project_root}/static owner=${project_user} group=${project_user}
904+
905+ - name: Create project config folder.
906+ file: state=directory path=${project_root}/config owner=${project_user} group=${project_user}
907+
908+ handlers:
909+ - name: restart squid
910+ service: name=squid3 state=restarted
911+
912+ - name: restart nginx
913+ action: service name=nginx state=restarted
914+
915+ - name: restart supervisor
916+ action: service name=supervisor state=restarted
917+
918+ - name: build docker base image
919+ shell: chdir=${project_root}/docker docker build -t locolander:precise .
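Review bot: The "Allow sudo access to docker for locolander user." task grants `locolander ALL=(ALL) NOPASSWD:/usr/bin/docker`, and unrestricted use of the docker client as root amounts to root on the host, because the daemon runs as root and containers can be given access to host files. If the application only needs specific docker invocations, restrict the sudoers entry to those or put a wrapper script in between. The task also edits /etc/sudoers in place with no syntax check; a drop-in file under /etc/sudoers.d checked with `visudo -cf` is safer. It hard-codes `locolander` where the rest of the playbook uses `${project_user}`, and it runs before "Create project user."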
