Ansible provision playbook

Author: rafaelhenrique

.gitignore

@@ -94,3 +94,7 @@ ENV/
 
 # Ignore collected static files
 static
+
+# Recomended ignore some files of ansible
+#contrib/ansible_playbooks/secret
+

contrib/ansible_playbooks/Makefile

@@ -0,0 +1,20 @@
+provision:
+	@ansible-playbook provision.yml -v --ask-become-pass
+
+deploy:	
+	@ansible-playbook deploy.yml --ask-become-pass
+
+all:
+	@ansible-playbook provision.yml deploy.yml --ask-become-pass 
+
+step:
+	@ansible-playbook provision.yml deploy.yml --ask-become-pass --step
+
+ping:
+	@ansible all -i secret/hosts -m ping
+
+install-ansible-local:
+	@sudo apt-get install ansible sshpass
+
+install-python-remote:
+	@ansible all -i secret/hosts -m raw -a 'apt-get update && apt-get install -y python' -b --ask-sudo-pass

contrib/ansible_playbooks/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+hostfile = secret/hosts

contrib/ansible_playbooks/deploy.yml

@@ -0,0 +1,38 @@
+---
+- hosts: virtualbox-vms
+  vars_files:
+    - secret/vars.yml
+  become: true
+
+  tasks:
+  - name: Authorize my key on remote host.
+    authorized_key: user={{ management_user }} key={{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}
+    become: yes
+
+  - name: Create user.
+    user: name={{ project_name }} state=present
+
+  - name: Update system.
+    apt: update_cache=yes
+
+  # - name: Upgrade system.
+  #   apt: upgrade=dist
+
+  - name: Install required system packages.
+    apt: pkg={{ item }} state=installed update-cache=yes allow_unauthenticated=yes
+    with_items: "{{ system_packages }}"
+
+  - name: Create ssh directory to root user.
+    file: path=/root/.ssh state=directory owner=root group=root mode=0700
+
+  - name: Upload SSH key private root.
+    copy: src={{ private_key_github }} dest=/root/.ssh/id_rsa mode=0400
+
+  - name: Upload SSH key public root.
+    copy: src={{ public_key_github }} dest=/root/.ssh/id_rsa.pub mode=0644
+
+  - name: Pull sources from the repository.
+    git: repo={{ project_repo }} dest={{ project_root }} version={{ branch }} accept_hostkey=True force=yes
+
+  - name: Change permissions.
+    file: dest={{ project_home }} owner={{ project_name }} group={{ project_name }} recurse=yes

contrib/ansible_playbooks/provision.yml

@@ -0,0 +1,2 @@
+[virtualbox-vms]
+vm01 ansible_port=22 ansible_ssh_host=<ip of your application host> environment_type=production branch=master ansible_ssh_pass=<your ssh password> ansible_ssh_user=<your ssh user>

contrib/ansible_playbooks/secret/hosts

@@ -0,0 +1,25 @@
+#server {
+#   listen  80;
+#   server_name flasktutorial.abraseucodigo.com.br;
+#   return 301 https://$server_name$request_uri;
+#}
+
+server {
+  listen  80;
+#  server_name flasktutorial.abraseucodigo.com.br;
+
+  location / {
+    client_max_body_size 5M;
+    uwsgi_pass unix:///home/flasktutorial/uwsgi.sock;
+    include  uwsgi_params;
+  }
+
+  location /static {    
+    autoindex on;    
+    alias /home/flasktutorial/project/staticfiles;
+  }
+
+  location /robots.txt {    
+    alias /home/flasktutorial/project/robots.txt;
+  }
+}

contrib/ansible_playbooks/secret/nginx.conf

@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /

contrib/ansible_playbooks/secret/robots.txt

@@ -0,0 +1,11 @@
+[program:uwsgi_flasktutorial]
+command=/home/flasktutorial/.venv/bin/uwsgi --master --socket=/home/flasktutorial/uwsgi.sock --chmod-socket=666 --workers=4 --pythonpath=/home/flasktutorial/project/ --wsgi=hci_api.wsgi --enable-threads --single-interpreter --stats /home/flasktutorial/uwsgistats.sock
+user=flasktutorial
+numprocs=1
+stdout_logfile=/home/flasktutorial/flasktutorial.log
+stderr_logfile=/home/flasktutorial/flasktutorial_error.log
+autostart=true
+autorestart=true
+stopsignal=QUIT
+environment=SECRET_KEY="<your secret key>",SERVER_NAME="<your host ip>",DATABASE_URI="sqlite:///tvseries.sqlite3"
+

contrib/ansible_playbooks/secret/uwsgi.conf

@@ -0,0 +1,20 @@
+---
+project_name: flasktutorial
+project_home: /home/flasktutorial
+project_root: /home/flasktutorial/project
+virtualenv_directory: /home/flasktutorial/.venv
+project_repo: [email protected]:rafaelhenrique/flask_tutorial.git
+private_key_github: /home/<your local user>/.ssh/id_rsa
+public_key_github: /home/<your local user>/.ssh/id_rsa.pub
+management_user: <management user of application host>
+production_variables:
+    SECRET_KEY: '<inform your secret key>'
+    SERVER_NAME: '<inform your host>'
+    DATABASE_URI: 'sqlite:///tvseries.sqlite3'
+system_packages:
+  - build-essential
+  - python3
+  - python3-dev
+  - python3-venv
+  - nginx
+  - supervisor