Merge pull request #67 from dgreisen-cfpb/master

Pantheon deployment refactor
cfpb · Jul 17, 2015 · e66bf33 · e66bf33
2 parents 19c6894 + d251966
commit e66bf33
Show file tree

Hide file tree

Showing 14 changed files with 90 additions and 34 deletions.
diff --git a/Vagrantfile b/Vagrantfile
@@ -3,10 +3,10 @@
 
 Vagrant.configure("2") do |config|
   # vbox name
-  config.vm.box = "centos_6_5_64"
+  config.vm.box = "centos_6_6_64"
 
   # vbox url
-  config.vm.box_url = "https://github.com/2creatives/vagrant-centos/releases/download/v6.5.1/centos65-x86_64-20131205.box"
+  config.vm.box_url = "https://github.com/tommy-muehle/puppet-vagrant-boxes/releases/download/1.0.0/centos-6.6-x86_64.box"
 
   # enable package caching
   config.cache.auto_detect = true
@@ -16,7 +16,12 @@ Vagrant.configure("2") do |config|
   config.vm.network :forwarded_port, guest: 5984, host: 5984
 
   # shared folders
-  config.vm.synced_folder "../pantheon-repos", "/opt/pantheon-repos" 
+  config.vm.synced_folder "../pantheon-repos", "/opt/pantheon-repos"
+  config.vm.synced_folder ".", "/opt/pantheon"
+
+  # Run a local script to ensure unitybox is available for ansible
+  # provisioning later
+  system('./unitybox-bootstrap.sh')
 
   config.vm.provision "ansible" do |ansible|
     ansible.playbook = "ansible/playbook.yml"

diff --git a/ansible/group_vars/all/main.yml b/ansible/group_vars/all/main.yml
@@ -1,4 +1,6 @@
-repos_dir: /opt/pantheon-repos
+project_dir: /opt
+pantheon_dir: "{{ project_dir }}/pantheon"
+repos_dir: "{{ project_dir }}/pantheon-repos"
 kratos_dir: "{{ repos_dir }}/kratos"
 moirai_dir: "{{ repos_dir }}/moirai"
 dash_dir: "{{ repos_dir }}/dash"

diff --git a/ansible/group_vars/all/repositories.yml b/ansible/group_vars/all/repositories.yml
@@ -1,4 +1,5 @@
 repositories:
-  - https://github.com/cfpb/dash.git@b10aee8c41a15a71938e7bcd5914ffb74767a2e5
-  - https://github.com/cfpb/[email protected]
-  - https://github.com/cfpb/[email protected]
+  - https://github.com/cfpb/[email protected]
+  - https://github.com/cfpb/[email protected]
+  - https://github.com/cfpb/[email protected]
+unitybox_repository: https://github.com/cfpb/[email protected]
diff --git a/ansible/group_vars/vagrant/main.yml b/ansible/group_vars/vagrant/main.yml
@@ -1,9 +1,8 @@
-root_dir: /vagrant
 dash_static_dir: src
 is_virtualbox: yes
 kratos_web_cmd: icake runtestserver
 moirai_web_cmd: icake runtestserver
-devdash_cmd: '{{ root_dir }}/devdash/manage.py runserver'
+devdash_cmd: '{{ pantheon_dir }}/devdash/manage.py runserver'
 supervisord_cmds:
   - devdash
   - kratos_web

diff --git a/ansible/library b/ansible/library
@@ -0,0 +1 @@
+../../unitybox/ansible/library
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
@@ -2,6 +2,13 @@
     - test
     - production
   gather_facts: no
+  pre_tasks:
+    - name: set umask to 022 so we can deploy
+      replace: dest=/etc/profile regexp='umask 077$' replace='umask 022'
+      sudo: yes
+    - name: set umask to 022 so we can deploy
+      replace: dest=/etc/bashrc regexp='umask 077$' replace='umask 022'
+      sudo: yes
   roles:
     - role: load_repos
       sudo: yes
@@ -25,3 +32,14 @@
       sudo: yes
     - role: supervisord
       sudo: yes
+- hosts:
+    - test
+    - production
+  gather_facts: no
+  post_tasks:
+    - name: set umask to 077 for safety
+      replace: dest=/etc/profile regexp='umask 022$' replace='umask 077'
+      sudo: yes
+    - name: set umask to 077 for safety
+      replace: dest=/etc/bashrc regexp='umask 022$' replace='umask 077'
+      sudo: yes
diff --git a/ansible/roles/couch/tasks/main.yml b/ansible/roles/couch/tasks/main.yml
@@ -31,10 +31,10 @@
   file: path=/var/log/couchdb owner=couchdb state=directory
 
 - name: get couchdb tar
-  get_url: url=http://download.nextag.com/apache/couchdb/source/1.6.1/apache-couchdb-1.6.1.tar.gz dest={{ root_dir }}/couchdb.tar.gz
+  get_url: url=http://download.nextag.com/apache/couchdb/source/1.6.1/apache-couchdb-1.6.1.tar.gz dest={{ pantheon_dir }}/couchdb.tar.gz
 
 - name: unzip couchdb
-  unarchive: src={{ root_dir }}/couchdb.tar.gz dest=/usr/local/src copy=no owner=couchdb
+  unarchive: src={{ pantheon_dir }}/couchdb.tar.gz dest=/usr/local/src copy=no owner=couchdb
 
   # For some reason owner=couchdb doesn't work above, assigns UID=1000 instead of the couchdb user
 - name: change ownership of couchdb source

diff --git a/ansible/roles/django/tasks/main.yml b/ansible/roles/django/tasks/main.yml
@@ -1,3 +1,10 @@
+- name: install libselinux-python for PUIAS
+  yum: name=libselinux-python
+
+- name: disable selinux for Vagrant only
+  selinux: state=disabled
+  when: groups.has_key('vagrant')
+
 - name: Create the PUIAS_6_computational Repository
   copy: src=puias-computational.repo dest=/etc/yum.repos.d/puias-computational.repo
 
@@ -16,19 +23,21 @@
   easy_install: name=pip executable=easy_install-2.7
 
 - name: Install python packages
-  pip: requirements={{ root_dir }}/devdash/requirements.txt executable=pip2.7
+  pip: requirements={{ pantheon_dir }}/devdash/requirements.txt executable=pip2.7
 
 - name: template settings_secret.py
-  template: src=settings_secret.py.j2 dest={{ root_dir }}/devdash/devdash/settings_secret.py
+  template: src=settings_secret.py.j2 dest={{ pantheon_dir }}/devdash/devdash/settings_secret.py
 
 - name: ensure data directory exists
   file: path={{ data_dir }} state=directory
 
+- name: create web user
+  user: name={{ web_user }} system=yes createhome=no
+
 - name: ensure django data directory exists
   file: path={{ data_dir }}/django owner={{ web_user }} group={{ web_user }} state=directory
 
 - name: migrate db
-  shell: "{{ root_dir }}/devdash/manage.py migrate"
-  sudo_user: "{{ web_user }}"
+  shell: "{{ pantheon_dir }}/devdash/manage.py migrate"
   register: migrate_result
   changed_when: "'No migrations to apply.' not in migrate_result.stdout"
diff --git a/ansible/roles/load_repos/tasks/main.yml b/ansible/roles/load_repos/tasks/main.yml
@@ -1,16 +1,19 @@
 - name: ensure git is on the machine
   yum: name=git
 
-- name: ensure the repo is up-to-date
-  git: repo=https://github.com/cfpb/devdash.git dest={{ root_dir }} force=yes
+- name: clone pantheon repo
+  clone_repos: 
+    urls: 
+      - "{{ project_repository }}"
+    processes: 1
+    install_dir: "{{ project_dir }}"
+    ensure_pinned: "{{ pin_versions }}"
 
-- name: ensure kratos is installed and up-to-date
-  git: repo=https://github.com/cfpb/kratos.git dest={{ kratos_dir }} force=yes
-
-- name: ensure moirai is installed and up-to-date
-  git: repo=https://github.com/cfpb/moirai.git dest={{ moirai_dir }} force=yes
-
-- name: ensure dash is installed and up-to-date
-  git: repo=https://github.com/cfpb/dash.git dest={{ dash_dir }} force=yes
+- name: clone dependent sub-repos
+  clone_repos: 
+    urls: "{{ repositories }}"
+    processes: 5
+    install_dir: "{{ repos_dir }}"
+    ensure_pinned: "{{ pin_versions }}"
 
 # todo handle migrations
diff --git a/ansible/roles/nginx/templates/node.conf.j2 b/ansible/roles/nginx/templates/node.conf.j2
@@ -30,7 +30,7 @@ server {
         {% if is_virtualbox %}
         sendfile off;
         {% endif %}
-        alias {{ root_dir }}/devdash/static;
+        alias {{ pantheon_dir }}/devdash/static;
     }
 
     location / {

diff --git a/ansible/roles/node/tasks/main.yml b/ansible/roles/node/tasks/main.yml
@@ -20,7 +20,7 @@
     - {name: 'forever', version: '0.13.0'}
 
 - name: rebuild kratos binaries
-  shell: npm rebuild chdir={{ kratos_dir }}
+  npm: production=yes path={{ kratos_dir }}
 
 - name: template kratos config_secret.py
   template: src=kratos_config_secret.js.j2 dest={{ kratos_dir }}/lib/config_secret.js

diff --git a/ansible/roles/supervisord/tasks/main.yml b/ansible/roles/supervisord/tasks/main.yml
@@ -1,11 +1,8 @@
-- name: create web user
-  user: name={{ web_user }} system=yes createhome=no
-
 - name: chown web code to web user
   file: path={{ item }} state=directory owner={{ web_user }} recurse=yes
   with_items:
     - "{{ dash_dir }}/{{ dash_static_dir }}"
-    - "{{ root_dir }}/devdash"
+    - "{{ pantheon_dir }}/devdash"
 
 - name: install supervisor
   pip: name=supervisor
@@ -31,5 +28,4 @@
   ignore_errors: yes
 
 - name: start supervised progs
-  supervisorctl: name={{ item }} state=restarted
-  with_items: supervisord_cmds
+  supervisorctl: name=all state=restarted
diff --git a/ansible/roles/supervisord/templates/devdash b/ansible/roles/supervisord/templates/devdash
@@ -1,5 +1,5 @@
 [program:devdash]
-directory={{ root_dir }}/devdash
+directory={{ pantheon_dir }}/devdash
 command= {{ devdash_cmd }}
 user={{ web_user }}
 autostart=true

diff --git a/unitybox-bootstrap.sh b/unitybox-bootstrap.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+##
+# Clones the Unitybox repo which contains various helper functions,
+# roles and common modules that we use in setting up this repo
+##
+
+# Clone the unitybox repo if it doesn't exist
+if [ ! -d "../unitybox" ]; then
+    echo "\033[1m Installing unitybox...\033[0m"
+    git clone https://github.com/Ooblioob/unitybox.git ../unitybox
+fi
+
+cd ../unitybox
+
+# Update to the latest version
+echo "\033[1m Updating unitybox...\033[0m"
+git fetch origin master
+git reset --hard HEAD
+git checkout master
+
+echo "\033[1m Update completed!\033[0m"