ccvgd.yml

- name: CCVGD deployment
  remote_user: ulsprovision
  hosts: ccvgd
  become: yes

  tasks:

  - name: Include host vars 
    include_vars:
      file: hostvars/{{inventory_hostname}}.config.yml
      name: configvars

  - name: host directory
    file:
      path: /opt/local/ccvgd
      state: directory
      mode: '2775'
      owner: root
      group: ulssysdev

  - name: database loader directory
    file:
      path: /opt/local/ccvgd/dataload
      state: directory
      mode: '2775'
      owner: root
      group: ulssysdev

  - name: frontend directory
    file:
      path: /opt/local/ccvgd/frontend
      state: directory
      mode: '2775'
      owner: root
      group: ulssysdev

  - name: backend directory
    file:
      path: /opt/local/ccvgd/backend
      state: directory
      mode: '2775'
      owner: root
      group: ulssysdev

  - name: Clone database loader from git
    git:
      repo: https://github.com/ulsdevteam/ccvgd-database.git
      dest: /opt/local/ccvgd/dataload
      force: yes
      umask: '0002'

  - name: Clone frontend from git
    git:
      repo: https://github.com/ulsdevteam/ccvgd-frontend.git
      dest: /opt/local/ccvgd/frontend
      force: yes
      umask: '0002'

  - name: Clone backend from git
    git:
      repo: https://github.com/ulsdevteam/ccvgd-backend.git
      dest: /opt/local/ccvgd/backend
      force: yes
      umask: '0002'
      version: rhel7-python36

  - name: Python requirements file only works if wheel is installed
    pip:
      executable: /opt/rh/rh-python36/root/usr/bin/pip
      name: wheel

  - name: Python requirements file only works if pip is updated
    pip:
      executable: /opt/rh/rh-python36/root/usr/bin/pip
      name: pip
      extra_args: --upgrade

  - name: Install python requirements per application
    pip:
      executable: /opt/rh/rh-python36/root/usr/bin/pip
      requirements: /opt/local/ccvgd/backend/requirements.txt

  - name: Deploy config.txt file for database tooling
    copy:
      src: resources/ccvgd/config.txt.template
      dest: /opt/local/ccvgd/dataload/pythonScript/config.txt

  - name: set hostname in config.txt
    replace:
      path: /opt/local/ccvgd/dataload/pythonScript/config.txt
      regexp: 'MYSQLHOST'
      replace: 'localhost'

  - name: set databasename in config.txt
    replace:
      path: /opt/local/ccvgd/dataload/pythonScript/config.txt
      regexp: 'MYSQLDATA'
      replace: '{{configvars.database.name}}'

  - name: set username in config.txt
    replace:
      path: /opt/local/ccvgd/dataload/pythonScript/config.txt
      regexp: 'MYSQLUSER'
      replace: '{{configvars.database.username}}'

  - name: set password in config.txt
    replace:
      path: /opt/local/ccvgd/dataload/pythonScript/config.txt
      regexp: 'MYSQLPASS'
      replace: '{{configvars.database.password}}'

  - name: set hostname in config.py
    lineinfile:
       path: /opt/local/ccvgd/backend/config.py
       state: present
       regexp: 'mysql_host = '
       line: 'mysql_host = "localhost"'

  - name: set username in config.py
    lineinfile:
       path: /opt/local/ccvgd/backend/config.py
       state: present
       regexp: 'mysql_username = '
       line: 'mysql_username = "{{configvars.database.username}}"'

  - name: set password in config.py
    lineinfile:
       path: /opt/local/ccvgd/backend/config.py
       state: present
       regexp: 'mysql_password = '
       line: 'mysql_password = "{{configvars.database.password}}"'

  - name: set database in config.py
    lineinfile:
       path: /opt/local/ccvgd/backend/config.py
       state: present
       regexp: 'mysql_database = '
       line: 'mysql_database = "{{configvars.database.name}}"'

  - name: create database
    mysql_db:
      name: '{{configvars.database.name}}'

  - name: grant database permissions
    mysql_user:
      name: '{{configvars.database.name}}'
      password: '{{configvars.database.password}}'
      priv: '{{configvars.database.username}}.*:ALL'
      state: present

  - name: create certificate directory
    file:
      path: /etc/pki/tls/certs/{{configvars.site.hostname}}/
      state: directory

  - name: create certificate private directory
    file:
      path: /etc/pki/tls/private/{{configvars.site.hostname}}/
      state: directory

  - name: copy temporary certificate
    copy:
      src: /etc/pki/tls/certs/localhost.crt
      dest: /etc/pki/tls/certs/{{configvars.site.hostname}}/cert.pem
      remote_src: yes
      owner: root
      group: ulssysdev
      mode: preserve
      force: no
    register: certfile_changed

  - name: copy temporary private key
    copy:
      src: /etc/pki/tls/private/localhost.key
      dest: /etc/pki/tls/private/{{configvars.site.hostname}}/privkey.pem
      remote_src: yes
      owner: root
      group: ulssysdev
      mode: preserve
      force: no
    register: certchain_changed

  - name: Deploy vhost
    copy:
      src: resources/ccvgd/vhost.conf.template
      dest: /etc/httpd/conf.d/{{configvars.site.hostname}}.conf

  - name: disable certificate chain in vhost
    lineinfile:
      path: /etc/httpd/conf.d/{{configvars.site.hostname}}.conf
      regexp: '^(\s*SSLCertificateChainFile.*$)'
      line: '#\1'
      backrefs: yes
    when: certfile_changed is succeeded or certchain_changed is succeeded

  - name: set hostname in vhost
    replace:
      path: /etc/httpd/conf.d/{{configvars.site.hostname}}.conf
      regexp: 'SERVERNAME'
      replace: '{{configvars.site.hostname}}'

  - name: set backend port in vhost
    replace:
      path: /etc/httpd/conf.d/{{configvars.site.hostname}}.conf
      regexp: 'PROXYPORT'
      replace: '{{configvars.site.backend_port}}'

  - name: set backend endpoint in vhost
    replace:
      path: /etc/httpd/conf.d/{{configvars.site.hostname}}.conf
      regexp: 'PROXYENDPOINT'
      replace: '{{configvars.site.backend_uri}}'