├── .gitignore ├── ansible.cfg ├── deploy.yml ├── group_vars ├── .DS_Store ├── all ├── prod-app └── production.example ├── hosts ├── orchestrate_app_server.yml ├── orchestrate_frontend_server.yml ├── provision_app_server.yml ├── provision_frontend_server.yml ├── redis_installation.yml ├── remote_deployment.yml ├── roles ├── .DS_Store ├── client-packages │ └── tasks │ │ └── main.yml ├── deploy │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── database.yml.j2 ├── launch_app_server │ ├── tasks │ │ └── main.yml │ └── vars │ │ └── main.yml ├── launch_frontend_server │ ├── .DS_Store │ ├── tasks │ │ └── main.yml │ └── vars │ │ └── main.yml ├── nginx-passenger │ ├── .DS_Store │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── passenger.list │ ├── tasks │ │ └── main.yml │ ├── templates │ │ ├── etc_nginx_sites-available.conf.j2 │ │ └── passenger.list │ └── vars │ │ └── main.yml ├── postgresql │ ├── tasks │ │ └── main.yml │ └── templates │ │ ├── redis-local.j2 │ │ ├── redis.conf │ │ ├── redis.local.conf.j2 │ │ ├── redis.log │ │ └── upstart.conf └── rvm_io.rvm1-ruby │ ├── .gitignore │ ├── .travis.yml │ ├── defaults │ ├── main.yml │ └── main.yml.save │ ├── tasks │ ├── main.yml │ ├── rubies.yml │ └── rvm.yml │ ├── tests │ ├── inventory │ └── test.yml │ └── vars │ └── main.yml ├── ruby_installation.yml ├── ruby_nginx_passenger.yml └── temp_deploy.yml /.gitignore: -------------------------------------------------------------------------------- 1 | hosts 2 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | # config file for ansible -- http://ansible.com/ 2 | # ============================================== 3 | 4 | # nearly all parameters can be overridden in ansible-playbook 5 | # or with command line flags. ansible will read ANSIBLE_CONFIG, 6 | # ansible.cfg in the current working directory, .ansible.cfg in 7 | # the home directory or /etc/ansible/ansible.cfg, whichever it 8 | # finds first 9 | 10 | [defaults] 11 | #host_key_checking = False 12 | # some basic default values... 13 | 14 | inventory = /etc/ansible/hosts 15 | #library = /usr/share/my_modules/ 16 | remote_tmp = $HOME/.ansible/tmp 17 | pattern = * 18 | forks = 5 19 | poll_interval = 15 20 | sudo_user = root 21 | #ask_sudo_pass = True 22 | #ask_pass = True 23 | transport = smart 24 | #remote_port = 22 25 | module_lang = C 26 | 27 | # plays will gather facts by default, which contain information about 28 | # the remote system. 29 | # 30 | # smart - gather by default, but don't regather if already gathered 31 | # implicit - gather by default, turn off with gather_facts: False 32 | # explicit - do not gather by default, must say gather_facts: True 33 | gathering = implicit 34 | 35 | # additional paths to search for roles in, colon separated 36 | #roles_path = /etc/ansible/roles 37 | 38 | # uncomment this to disable SSH key host checking 39 | #host_key_checking = False 40 | 41 | # change this for alternative sudo implementations 42 | sudo_exe = sudo 43 | 44 | # what flags to pass to sudo 45 | #sudo_flags = -H 46 | 47 | # SSH timeout 48 | timeout = 10 49 | 50 | # default user to use for playbooks if user is not specified 51 | # (/usr/bin/ansible will use current user as default) 52 | #remote_user = root 53 | 54 | # logging is off by default unless this path is defined 55 | # if so defined, consider logrotate 56 | #log_path = /var/log/ansible.log 57 | 58 | # default module name for /usr/bin/ansible 59 | #module_name = command 60 | 61 | # use this shell for commands executed under sudo 62 | # you may need to change this to bin/bash in rare instances 63 | # if sudo is constrained 64 | #executable = /bin/sh 65 | 66 | # if inventory variables overlap, does the higher precedence one win 67 | # or are hash values merged together? The default is 'replace' but 68 | # this can also be set to 'merge'. 69 | #hash_behaviour = replace 70 | 71 | # list any Jinja2 extensions to enable here: 72 | #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n 73 | 74 | # if set, always use this private key file for authentication, same as 75 | # if passing --private-key to ansible or ansible-playbook 76 | #private_key_file = /path/to/file 77 | 78 | # format of string {{ ansible_managed }} available within Jinja2 79 | # templates indicates to users editing templates files will be replaced. 80 | # replacing {file}, {host} and {uid} and strftime codes with proper values. 81 | ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} 82 | 83 | # by default, ansible-playbook will display "Skipping [host]" if it determines a task 84 | # should not be run on a host. Set this to "False" if you don't want to see these "Skipping" 85 | # messages. NOTE: the task header will still be shown regardless of whether or not the 86 | # task is skipped. 87 | #display_skipped_hosts = True 88 | 89 | # by default (as of 1.3), Ansible will raise errors when attempting to dereference 90 | # Jinja2 variables that are not set in templates or action lines. Uncomment this line 91 | # to revert the behavior to pre-1.3. 92 | #error_on_undefined_vars = False 93 | 94 | # by default (as of 1.6), Ansible may display warnings based on the configuration of the 95 | # system running ansible itself. This may include warnings about 3rd party packages or 96 | # other conditions that should be resolved if possible. 97 | # to disable these warnings, set the following value to False: 98 | #system_warnings = True 99 | 100 | # by default (as of 1.4), Ansible may display deprecation warnings for language 101 | # features that should no longer be used and will be removed in future versions. 102 | # to disable these warnings, set the following value to False: 103 | #deprecation_warnings = True 104 | 105 | # (as of 1.8), Ansible can optionally warn when usage of the shell and 106 | # command module appear to be simplified by using a default Ansible module 107 | # instead. These warnings can be silenced by adjusting the following 108 | # setting or adding warn=yes or warn=no to the end of the command line 109 | # parameter string. This will for example suggest using the git module 110 | # instead of shelling out to the git command. 111 | # command_warnings = False 112 | 113 | 114 | # set plugin path directories here, separate with colons 115 | action_plugins = /usr/share/ansible_plugins/action_plugins 116 | callback_plugins = /usr/share/ansible_plugins/callback_plugins 117 | connection_plugins = /usr/share/ansible_plugins/connection_plugins 118 | lookup_plugins = /usr/share/ansible_plugins/lookup_plugins 119 | vars_plugins = /usr/share/ansible_plugins/vars_plugins 120 | filter_plugins = /usr/share/ansible_plugins/filter_plugins 121 | 122 | # by default callbacks are not loaded for /bin/ansible, enable this if you 123 | # want, for example, a notification or logging callback to also apply to 124 | # /bin/ansible runs 125 | #bin_ansible_callbacks = False 126 | 127 | 128 | # don't like cows? that's unfortunate. 129 | # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 130 | #nocows = 1 131 | 132 | # don't like colors either? 133 | # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 134 | #nocolor = 1 135 | 136 | # the CA certificate path used for validating SSL certs. This path 137 | # should exist on the controlling node, not the target nodes 138 | # common locations: 139 | # RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt 140 | # Fedora : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem 141 | # Ubuntu : /usr/share/ca-certificates/cacert.org/cacert.org.crt 142 | #ca_file_path = 143 | 144 | # the http user-agent string to use when fetching urls. Some web server 145 | # operators block the default urllib user agent as it is frequently used 146 | # by malicious attacks/scripts, so we set it to something unique to 147 | # avoid issues. 148 | #http_user_agent = ansible-agent 149 | 150 | # if set to a persistent type (not 'memory', for example 'redis') fact values 151 | # from previous runs in Ansible will be stored. This may be useful when 152 | # wanting to use, for example, IP information from one group of servers # without having to talk to them in the same playbook run to get their 153 | # current IP information. 154 | fact_caching = memory 155 | 156 | 157 | # retry files 158 | #retry_files_enabled = False 159 | #retry_files_save_path = ~/.ansible-retry 160 | 161 | [privilege_escalation] 162 | #become=True 163 | #become_method=sudo 164 | #become_user=root 165 | #become_ask_pass=False 166 | 167 | [paramiko_connection] 168 | 169 | # uncomment this line to cause the paramiko connection plugin to not record new host 170 | # keys encountered. Increases performance on new host additions. Setting works independently of the 171 | # host key checking setting above. 172 | #record_host_keys=False 173 | 174 | # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this 175 | # line to disable this behaviour. 176 | #pty=False 177 | 178 | [ssh_connection] 179 | 180 | # ssh arguments to use 181 | # Leaving off ControlPersist will result in poor performance, so use 182 | # paramiko on older platforms rather than removing it 183 | #ssh_args = -o ControlMaster=auto -o ControlPersist=60s 184 | 185 | # The path to use for the ControlPath sockets. This defaults to 186 | # "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with 187 | # very long hostnames or very long path names (caused by long user names or 188 | # deeply nested home directories) this can exceed the character limit on 189 | # file socket names (108 characters for most platforms). In that case, you 190 | # may wish to shorten the string below. 191 | # 192 | # Example: 193 | # control_path = %(directory)s/%%h-%%r 194 | #control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r 195 | 196 | # Enabling pipelining reduces the number of SSH operations required to 197 | # execute a module on the remote server. This can result in a significant 198 | # performance improvement when enabled, however when using "sudo:" you must 199 | # first disable 'requiretty' in /etc/sudoers 200 | # 201 | # By default, this option is disabled to preserve compatibility with 202 | # sudoers configurations that have requiretty (the default on many distros). 203 | # 204 | #pipelining = False 205 | 206 | # if True, make ansible use scp if the connection type is ssh 207 | # (default is sftp) 208 | #scp_if_ssh = True 209 | 210 | [accelerate] 211 | accelerate_port = 5099 212 | accelerate_timeout = 30 213 | accelerate_connect_timeout = 5.0 214 | 215 | # The daemon timeout is measured in minutes. This time is measured 216 | # from the last activity to the accelerate daemon. 217 | accelerate_daemon_timeout = 30 218 | 219 | # If set to yes, accelerate_multi_key will allow multiple 220 | # private keys to be uploaded to it, though each user must 221 | # have access to the system via SSH to add a new key. The default 222 | # is "no". 223 | #accelerate_multi_key = yes 224 | 225 | [selinux] 226 | # file systems that require special treatment when dealing with security context 227 | # the default behaviour that copies the existing context or uses the user default 228 | # needs to be changed to use the file system dependant context. 229 | #special_context_filesystems=nfs,vboxsf,fuse 230 | -------------------------------------------------------------------------------- /deploy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: deploy 3 | hosts: launched 4 | gather_facts: false 5 | roles: 6 | - deploy -------------------------------------------------------------------------------- /group_vars/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ann-felix/ansible/1564a3c83eb6e086c8172fad0aaf386a14e4f081/group_vars/.DS_Store -------------------------------------------------------------------------------- /group_vars/all: -------------------------------------------------------------------------------- 1 | app_name: imli-backend 2 | deploy_user: ubuntu 3 | deploy_directory: "/home/{{deploy_user }}/{{ app_name }}" 4 | ansible_ssh_user: ubuntu 5 | #mysql_db_name: "{{ app_name }}" 6 | #mysql_db_user: "{{ app_name }}" 7 | 8 | -------------------------------------------------------------------------------- /group_vars/prod-app: -------------------------------------------------------------------------------- 1 | --- 2 | ansible_ssh_user: ubuntu 3 | -------------------------------------------------------------------------------- /group_vars/production.example: -------------------------------------------------------------------------------- 1 | deploy_user: ubuntu 2 | gh_pubkey_user: ajeetk 3 | webserver_name: test.trawly.in 4 | #mysql_root_password: 12345 5 | #mysql_db_password: 67890 6 | #s3_key: 123_key_here 7 | #s3_secret: 123_secret_here 8 | #s3_db_backup_location: s3://{{ app_name }}/db_backups 9 | -------------------------------------------------------------------------------- /hosts: -------------------------------------------------------------------------------- 1 | # This is the default ansible 'hosts' file. 2 | # 3 | # It should live in /etc/ansible/hosts 4 | # 5 | # - Comments begin with the '#' character 6 | # - Blank lines are ignored 7 | # - Groups of hosts are delimited by [header] elements 8 | # - You can enter hostnames or ip addresses 9 | # - A hostname/ip can be a member of multiple groups 10 | 11 | # Ex 1: Ungrouped hosts, specify before any group headers. 12 | 13 | #54.254.192.82 14 | 15 | # Ex 2: A collection of hosts belonging to the 'webservers' group 16 | 17 | [prod-app] 18 | prodapp1 ansible_ssh_host=54.254.192.82 19 | 20 | [webservers] 21 | 22 | test ansible_ssh_host=54.254.241.108 23 | 54.179.159.33 24 | 25 | [launched] 26 | #54.169.243.163 ansible_ssh_private_key_file=~/.ssh/production.pem 27 | #54.169.221.229 ansible_ssh_private_key_file=~/.ssh/production.pem host_key_checking=False 28 | #54.169.232.128 ansible_ssh_private_key_file=~/.ssh/production.pem 29 | 54.169.228.142 ansible_ssh_private_key_file=~/.ssh/production.pem 30 | 31 | [launched_frontend] 32 | #54.254.135.218 ansible_ssh_private_key_file=~/.ssh/production.pem 33 | #54.254.213.95 ansible_ssh_private_key_file=~/.ssh/production.pem 34 | #54.169.243.245 ansible_ssh_private_key_file=~/.ssh/production.pem 35 | #54.179.160.121 ansible_ssh_private_key_file=~/.ssh/production.pem 36 | #54.169.248.37 ansible_ssh_private_key_file=~/.ssh/production.pem 37 | 54.169.225.95 ansible_ssh_private_key_file=~/.ssh/production.pem 38 | 54.169.228.142 ansible_ssh_private_key_file=~/.ssh/production.pem 39 | 40 | -------------------------------------------------------------------------------- /orchestrate_app_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: orchestration 3 | hosts: launched 4 | sudo: yes 5 | roles: 6 | - rvm_io.rvm1-ruby 7 | # - nginx-passenger 8 | - client-packages 9 | # - s3cmd 10 | # - rvm_io.rvm1-ruby 11 | # - nginx-passenger 12 | # - mysql 13 | # - webserver 14 | 15 | 16 | -------------------------------------------------------------------------------- /orchestrate_frontend_server.yml: -------------------------------------------------------------------------------- 1 | #VERSION: 0.0.3 2 | 3 | --- 4 | - hosts: launched_frontend 5 | # sudo: yes 6 | # remote_user: ubuntu 7 | tasks: 8 | - name: update apt 9 | become: yes 10 | become_method: sudo 11 | apt: update_cache=yes 12 | 13 | - name: Set up authorized_keys for the deploy user 14 | authorized_key: user=ubuntu 15 | key="{{item}}" 16 | with_file: 17 | - /home/ubuntu/ssh_keys/tanmay.pub 18 | - /home/ubuntu/ssh_keys/ajeet.pub 19 | 20 | - name: copy node installation script to remote server 21 | # become: yes 22 | # become_method: sudo 23 | # remote_user: ubuntu 24 | copy: src=/home/ubuntu/install-nodejs.sh dest=/home/ubuntu/ mode=0755 25 | 26 | - name: installing node via script 27 | shell: /home/ubuntu/install-nodejs.sh 28 | 29 | - name: Install git 30 | become: yes 31 | become_method: sudo 32 | apt: pkg={{item}} state=present 33 | with_items: 34 | # - nodejs-legacy 35 | # - npm 36 | - git 37 | 38 | - name: source bashrc 39 | sudo: no 40 | shell: . /home/ubuntu/.bashrc 41 | 42 | - name: echo node_path and path shell variable 43 | shell: echo $NODE_PATH 44 | register: my_var 45 | 46 | - debug: var=my_var 47 | - name: Installing ember-cli and bower 48 | become: yes 49 | become_method: sudo 50 | npm: name={{item}} executable=/home/ubuntu/local/node/bin/npm global=yes 51 | with_items: 52 | - bower 53 | - ember-cli 54 | 55 | 56 | - name: make .ssh directory 57 | file: path=/home/ubuntu/.ssh state=directory 58 | 59 | - name: copy public and private key to api server 60 | copy: src=~/.ssh/id_rsa dest=/home/ubuntu/.ssh/ mode=0600 61 | 62 | - name: copy public and private key to api server 63 | copy: src=~/.ssh/id_rsa.pub dest=/home/ubuntu/.ssh/ 64 | 65 | - name: Deploy site files from Github repository 66 | git: repo=git@github.com:imlitech/erp-frontend.git dest=/home/ubuntu/erp-frontend key_file=/home/ubuntu/.ssh/id_rsa accept_hostkey=yes force=yes version=release 67 | 68 | # - name: copy node installation script to remote server 69 | # synchronize: src=/home/ubuntu/frontend_deploy.sh dest=/home/ubuntu/ 70 | 71 | # - name: installing node via script 72 | # command: ./frontend_deploy.sh 73 | # - name: creating symlink for bower 74 | # become: yes 75 | # become_method: sudo 76 | # command: ln -s /usr/bin/env /home/ubuntu/local/node/bin/node 77 | # - name: copy frontend deployment script to remote server 78 | # synchronize: src=/home/ubuntu/frontend_deploy.sh dest=/home/ubuntu/ 79 | 80 | # - name: installing node via script 81 | # shell: /home/ubuntu/frontend_deploy.sh 82 | 83 | # - name: Running bower install 84 | # bower: path=/home/ubuntu/erp-frontend executable=/home/ubuntu/local/node/lib/node_modules 85 | # remote_user: ubuntu 86 | # become: yes 87 | # become_method: sudo 88 | # command: "/home/ubuntu/local/node/lib/node_modules bower install" 89 | # shell: "bower install" 90 | # args: 91 | # chdir: /home/ubuntu/erp-frontend 92 | # executable: /home/ubuntu/local/node/bin/npm 93 | 94 | # - name: Running npm install 95 | # command: "/home/ubuntu/local/node/bin/node npm install" 96 | # args: 97 | # chdir: /home/ubuntu/erp-frontend 98 | # executable: /home/ubuntu/local/node/bin/npm 99 | # sudo: no 100 | # become_method: sudo 101 | # npm: path=/home/ubuntu/erp-frontend 102 | # - name: Building app 103 | # command: "ember build --production" 104 | # args: 105 | # chdir: /home/ubuntu/erp-frontend 106 | # executable: / 107 | 108 | - name: Installing nginx 109 | become: yes 110 | become_method: sudo 111 | apt: pkg=nginx state=installed update_cache=true 112 | 113 | 114 | - name: Remove the default app conf 115 | become: yes 116 | become_method: sudo 117 | file: path=/etc/nginx/sites-enabled/default state=absent 118 | 119 | - name: Remove the default app config if exists 120 | become: yes 121 | become_method: sudo 122 | file: path=/etc/nginx/sites-available/default state=absent 123 | 124 | - name: Configure nginx for the app 125 | sudo: yes 126 | become_method: sudo 127 | template: src=/home/ubuntu/templates/erp-frontend.conf.j2 dest=/etc/nginx/conf.d/erp-frontend.conf force=yes 128 | 129 | - name: Ensure nginx only read conf file in conf.d directory 130 | become: yes 131 | become_method: sudo 132 | lineinfile: 133 | dest=/etc/nginx/nginx.conf 134 | line=' include /etc/nginx/sites-enabled/*;' 135 | state=absent 136 | -------------------------------------------------------------------------------- /provision_app_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: provision 3 | hosts: localhost 4 | connection: localhost 5 | 6 | roles: 7 | - launch_app_server 8 | # - s3cmd 9 | # - rvm_io.rvm1-ruby 10 | # - nginx-passenger 11 | # - mysql 12 | # - webserver 13 | 14 | 15 | -------------------------------------------------------------------------------- /provision_frontend_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: provision frontend server 3 | hosts: localhost 4 | connection: localhost 5 | 6 | roles: 7 | - launch_frontend_server 8 | # - s3cmd 9 | # - rvm_io.rvm1-ruby 10 | # - nginx-passenger 11 | # - mysql 12 | # - webserver 13 | 14 | 15 | -------------------------------------------------------------------------------- /redis_installation.yml: -------------------------------------------------------------------------------- 1 | #VERSION: 0.0.3 2 | 3 | --- 4 | - hosts: webserver 5 | sudo: yes 6 | 7 | vars_files: 8 | - vars.yml 9 | 10 | tasks: 11 | - name: update apt 12 | apt: update_cache=yes 13 | 14 | - name: ensure packages installed 15 | apt: pkg={{ item }} state=latest 16 | with_items: 17 | - make 18 | - build-essential 19 | - tcl8.5 20 | 21 | - name: download latest stable redis 22 | get_url: url=http://download.redis.io/redis-stable.tar.gz dest=/tmp/redis-stable.tar.gz 23 | 24 | - name: untar redis 25 | command: tar zxf /tmp/redis-stable.tar.gz -C /tmp 26 | 27 | - name: build redis 28 | command: make -C /tmp/redis-stable 29 | 30 | - name: create redis group 31 | group: name=redis state=present system=yes 32 | 33 | - name: create redis user 34 | user: name=redis group=redis createhome=no shell=/bin/false system=yes state=present 35 | 36 | - name: make sure that /etc/redis exists 37 | file: path=/etc/redis state=directory mode=0755 38 | 39 | - name: make sure that /var/db/redis exists 40 | file: path=/var/db/redis state=directory mode=0755 group=redis owner=redis 41 | 42 | - name: make sure redis.log file exists 43 | copy: src=templates/redis.log dest=/var/log/redis.log owner=redis group=redis mode=0644 44 | 45 | - name: copy upstart file 46 | copy: src=templates/upstart.conf dest=/etc/init/redis.conf 47 | 48 | - name: copy redis.conf file 49 | copy: src=templates/redis.conf dest=/etc/redis/redis.conf group=redis owner=redis 50 | 51 | - name: copy custom template 52 | template: src=templates/redis.local.conf.j2 dest=/etc/redis/redis.local.conf group=redis owner=redis 53 | 54 | - name: copy redis-local script 55 | template: src=templates/redis-local.j2 dest=/usr/local/bin/redis-local mode=0755 56 | 57 | - name: installing redis binaries 58 | command: cp /tmp/redis-stable/src/{{ item }} /usr/local/bin 59 | with_items: 60 | - redis-server 61 | - redis-cli 62 | - redis-check-aof 63 | - redis-check-dump 64 | 65 | - name: cleaning up build files 66 | command: rm -rf /tmp/{{ item }} 67 | with_items: 68 | - redis-stable 69 | - redis-stable.tar.gz 70 | 71 | - name: ensure redis service is restarted 72 | service: name=redis state=restarted -------------------------------------------------------------------------------- /remote_deployment.yml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | - hosts: launched 4 | # sudo: yes 5 | # host_key_checking: false 6 | remote_user: ubuntu 7 | # environment: 8 | # ANSIBLE_HOST_KEY_CHECKING: False 9 | tasks: 10 | - name: update apt 11 | sudo: yes 12 | apt: update_cache=yes 13 | 14 | - name: Set up authorized_keys for the deploy user 15 | authorized_key: user=ubuntu 16 | key="{{item}}" 17 | with_file: 18 | - /home/ubuntu/ssh_keys/tanmay.pub 19 | - /home/ubuntu/ssh_keys/ajeet.pub 20 | 21 | # - name: ensure public key and public one are present 22 | # sudo: yes 23 | # copy: src={{item}} dest=/home/ubuntu/.ssh/{{ item }} mode=0600 24 | # with_items: 25 | # - id_rsa.pub 26 | # - name: Deploy site files from Github repository 27 | # sudo: yes 28 | # git: repo=git@github.com:imlitech/imli-backend.git dest=/home/{{deploy_user}}/{{app_name}} key_file=/home/ubuntu/.ssh/id_rsa accept_hostkey=yes force=yes version=release 29 | # - name: config database.yml 30 | # template: src=database.yml.j2 dest={{ deploy_directory}}/config/database.yml 31 | 32 | - name: rsync the content app 33 | synchronize: src={{deploy_directory}} dest=/home/ubuntu/ 34 | 35 | - name: make .ssh directory 36 | file: path=/home/ubuntu/.ssh state=directory 37 | 38 | - name: copy public and private key to api server 39 | copy: src=~/.ssh/id_rsa dest=/home/ubuntu/.ssh/ mode=0600 40 | 41 | - name: copy public and private key to api server 42 | copy: src=~/.ssh/id_rsa.pub dest=/home/ubuntu/.ssh/ 43 | 44 | # - name: test connection to git 45 | # command: ssh -vvv git@github.com:imlitech/imli-backend.git key_file=/home/ubuntu/.ssh/id_rsa accept_hostkey=yes 46 | # - name: adding git ssh key to known host 47 | # git: repo=git@github.com:imlitech/imli-backend.git key_file=/home/ubuntu/.ssh/id_rsa accept_hostkey=yes force=yes version=release 48 | # - name: ensure github is a known host 49 | # command: ssh-keyscan -H github.com >> /home/ubuntu/.ssh/known_hosts 50 | 51 | - name: ensure github.com is a known host 52 | sudo: yes 53 | lineinfile: 54 | dest: /home/ubuntu/.ssh/known_hosts 55 | create: yes 56 | state: present 57 | line: "{{ lookup('pipe', 'ssh-keyscan -t rsa github.com') }}" 58 | regexp: "^github\\.com" 59 | 60 | - name: bundle install 61 | command: bundle install chdir={{deploy_directory}} 62 | 63 | - name: sidekiq initializer 64 | command: bundle exec sidekiq -C ./config/sidekiq.yml -e production -d chdir={{deploy_directory}} 65 | 66 | # - name: migrate create 67 | # command: rake db:create RAILS_ENV="production" chdir={{ deploy_directory }} 68 | 69 | # - name: database migrate 70 | # command: rake db:migrate RAILS_ENV="production" chdir={{ deploy_directory }} 71 | 72 | # - name: tmp clear 73 | # command: bundle exec rake tmp:clear chdir={{ deploy_directory }} 74 | 75 | # - name: restart app 76 | # command: touch tmp/restart.txt chdir={{ deploy_directory¯ }} 77 | # command: echo "{{deploy_directory}}" 78 | - name: Restart nginx 79 | action: service name=nginx state=restarted 80 | -------------------------------------------------------------------------------- /roles/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ann-felix/ansible/1564a3c83eb6e086c8172fad0aaf386a14e4f081/roles/.DS_Store -------------------------------------------------------------------------------- /roles/client-packages/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Install libraries 2 | apt: name={{ item }} state=present 3 | with_items: 4 | - libpq-dev 5 | - imagemagick 6 | - gifsicle 7 | - jhead 8 | - jpegoptim 9 | - libjpeg-progs 10 | - optipng 11 | - pngcrush 12 | - pngquant 13 | - libxslt-dev 14 | - libxml2-dev 15 | - git 16 | -------------------------------------------------------------------------------- /roles/deploy/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #- name: Deploy site files from Github repository 2 | # sudo: yes 3 | # git: repo=git@github.com:imlitech/imli-backend.git dest=/home/{{deploy_user}}/{{app_name}} key_file=/home/ubuntu/.ssh/id_rsa accept_hostkey=yes force=yes version=release 4 | 5 | #- name: precompile assets 6 | # local_action: command bundle exec rake assets:precompile chdir=../ 7 | #- name: copy files (src is Rails root folder) 8 | # synchronize: src=../../../../ dest={{ deploy_directory }} delete=yes rsync_opts=--exclude=.git/,--exclude=log/,--exclude=tmp/cache 9 | #- name: config database.yml 10 | # template: src=database.yml.j2 dest={{ deploy_directory}}/config/database.yml 11 | #- name: bundle install 12 | # command: bundle install chdir={{ deploy_directory }} 13 | - name: migrate create 14 | command: rake db:create RAILS_ENV="production" chdir={{ deploy_directory }} 15 | - name: migrate create 16 | command: rake db:migrate RAILS_ENV="production" chdir={{ deploy_directory }} 17 | - name: tmp clear 18 | command: bundle exec rake tmp:clear chdir={{ deploy_directory }} 19 | - name: log clear 20 | command: bundle exec rake log:clear chdir={{ deploy_directory }} 21 | #- name: setup weekly bot cron 22 | # cron: name="Weekly Bot" minute="0" hour="8" weekday="1" 23 | # job="/bin/bash -l -c 'cd {{ deploy_directory }} && RAILS_ENV=production bundle exec rake app:weekly_bots'" 24 | #- name: setup daily bot cron 25 | # cron: name="Daily Bot" minute="0" hour="14" 26 | # job="/bin/bash -l -c 'cd {{ deploy_directory }} && RAILS_ENV=production bundle exec rake app:daily_bots'" 27 | - name: restart app 28 | command: touch tmp/restart.txt chdir={{ deploy_directory¯ }} 29 | # command: echo "{{deploy_directory}}" -------------------------------------------------------------------------------- /roles/deploy/templates/database.yml.j2: -------------------------------------------------------------------------------- 1 | production: 2 | adapter: mysql2 3 | encoding: utf8 4 | host: localhost 5 | database: {{ mysql_db_name }} 6 | pool: 5 7 | username: {{ mysql_db_user }} 8 | password: {{ mysql_db_password }} 9 | timeout: 5000 -------------------------------------------------------------------------------- /roles/launch_app_server/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Launch the new EC2 Instance 4 | local_action: ec2 5 | group={{ security_group }} 6 | instance_type={{ instance_type}} 7 | image={{ image }} 8 | wait=true 9 | region={{ region }} 10 | keypair={{ keypair }} 11 | count={{count}} 12 | vpc_subnet_id={{vpc_subnet_id}} 13 | register: ec2 14 | 15 | - name: Add the newly created EC2 instance(s) to the local host group (located inside the directory) 16 | local_action: lineinfile 17 | dest="./hosts" 18 | regexp={{ item.public_ip }} 19 | insertafter="[launched]" line="{{ item.public_ip }} ansible_ssh_private_key_file=~/.ssh/{{ keypair }}.pem" 20 | with_items: ec2.instances 21 | 22 | - name: Wait for SSH to come up 23 | wait_for: host={{ item.public_ip }} port=22 delay=60 timeout=320 state=started 24 | with_items: ec2.instances 25 | 26 | - name: Add tag to Instance(s) 27 | local_action: ec2_tag resource={{ item.id }} region={{ region }} state=present 28 | with_items: ec2.instances 29 | args: 30 | tags: 31 | Name: prod-api 32 | -------------------------------------------------------------------------------- /roles/launch_app_server/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | instance_type: t2.micro 3 | security_group: prod-app-SG # Change the security group name here 4 | image: ami-96f1c1c4 # Change the AMI, from which you want to launch the server 5 | region: ap-southeast-1 # Change the Region 6 | keypair: production # Change the keypair name 7 | vpc_subnet_id: subnet-34600343 8 | count: 1 9 | -------------------------------------------------------------------------------- /roles/launch_frontend_server/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ann-felix/ansible/1564a3c83eb6e086c8172fad0aaf386a14e4f081/roles/launch_frontend_server/.DS_Store -------------------------------------------------------------------------------- /roles/launch_frontend_server/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Launch the new EC2 Instance 4 | local_action: ec2 5 | group={{ security_group }} 6 | instance_type={{ instance_type}} 7 | image={{ image }} 8 | wait=true 9 | region={{ region }} 10 | keypair={{ keypair }} 11 | count={{count}} 12 | vpc_subnet_id={{vpc_subnet_id}} 13 | register: ec2 14 | 15 | - name: Add the newly created EC2 instance(s) to the local host group (located inside the directory) 16 | local_action: lineinfile 17 | dest="./hosts" 18 | regexp={{ item.public_ip }} 19 | insertafter="[launched_frontend]" line="{{ item.public_ip }} ansible_ssh_private_key_file=~/.ssh/{{ keypair }}.pem" 20 | with_items: ec2.instances 21 | 22 | - name: Wait for SSH to come up 23 | wait_for: host={{ item.public_ip }} port=22 delay=60 timeout=320 state=started 24 | with_items: ec2.instances 25 | 26 | - name: Add tag to Instance(s) 27 | local_action: ec2_tag resource={{ item.id }} region={{ region }} state=present 28 | with_items: ec2.instances 29 | args: 30 | tags: 31 | Name: prod-frontend 32 | -------------------------------------------------------------------------------- /roles/launch_frontend_server/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | instance_type: t2.medium 3 | security_group: prod-app-SG # Change the security group name here 4 | image: ami-96f1c1c4 # Change the AMI, from which you want to launch the server 5 | region: ap-southeast-1 # Change the Region 6 | keypair: production # Change the keypair name 7 | vpc_subnet_id: subnet-bc7f10cb 8 | count: 1 9 | -------------------------------------------------------------------------------- /roles/nginx-passenger/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ann-felix/ansible/1564a3c83eb6e086c8172fad0aaf386a14e4f081/roles/nginx-passenger/.DS_Store -------------------------------------------------------------------------------- /roles/nginx-passenger/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for ansible-nginx-passenger 3 | -------------------------------------------------------------------------------- /roles/nginx-passenger/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for ansible-nginx-passenger 3 | -------------------------------------------------------------------------------- /roles/nginx-passenger/passenger.list: -------------------------------------------------------------------------------- 1 | deb https://oss-binaries.phusionpassenger.com/apt/passenger {{ distro.stdout }} main 2 | -------------------------------------------------------------------------------- /roles/nginx-passenger/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Remove apache2, nginx and passenger 3 | apt: name={{ item }} state=absent 4 | with_items: 5 | - apache2 6 | - nginx 7 | - passenger 8 | 9 | - name: Install Passenger PGP key 10 | apt_key: url='http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0xAC40B2F7' state=present 11 | 12 | - name: Add HTTPS support for apt 13 | apt: name={{ item }} state=present update_cache=yes 14 | with_items: 15 | - apt-transport-https 16 | - ca-certificates 17 | 18 | - name: Find ubuntu/debian distro short name 19 | shell: > 20 | lsb_release -c | cut -d: -f2 | sed 's/\s//g' 21 | register: distro 22 | 23 | - name: Add passenger source 24 | template: src=passenger.list dest=/etc/apt/sources.list.d/passenger.list owner=root group=root mode=0600 25 | 26 | - name: Update 27 | apt: update_cache=yes 28 | 29 | - name: Install packages 30 | apt: name={{ item }} state=present 31 | with_items: 32 | - nginx-extras 33 | - passenger 34 | 35 | - name: Ensure passenger_root is set 36 | lineinfile: 37 | dest=/etc/nginx/nginx.conf 38 | state=present 39 | backup=yes 40 | regexp='#?\s*passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;' 41 | line='passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;' 42 | 43 | - name: Ensure passenger_ruby is set 44 | lineinfile: 45 | dest=/etc/nginx/nginx.conf 46 | state=present 47 | backup=yes 48 | backrefs=yes 49 | regexp='#?\s*passenger_ruby /usr/bin/passenger_free_ruby;' 50 | line='passenger_ruby /home/ubuntu/.rvm/rubies/ruby-2.2.1/bin/ruby;' 51 | 52 | - name: Remove the default app 53 | command: rm -rf /etc/nginx/sites-enabled/default 54 | 55 | - name: Remove the default app config if exists 56 | command: rm -rf /etc/nginx/sites-enabled/default 57 | 58 | - name: Remove the app's symlink if exists 59 | command: rm -rf /etc/nginx/sites-enabled/{{ app_name }} 60 | 61 | - name: Configure nginx for the app 62 | template: src=etc_nginx_sites-available.conf.j2 dest=/etc/nginx/sites-available/{{ app_name }} group=www-data owner=www-data force=yes 63 | 64 | - name: Enable the app 65 | command: ln -s /etc/nginx/sites-available/{{ app_name }} /etc/nginx/sites-enabled/{{ app_name }} 66 | 67 | - name: Restart nginx 68 | action: service name=nginx state=restarted 69 | -------------------------------------------------------------------------------- /roles/nginx-passenger/templates/etc_nginx_sites-available.conf.j2: -------------------------------------------------------------------------------- 1 | server { 2 | gzip on; 3 | listen 80; 4 | 5 | gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json; 6 | server_name {{ webserver_name }}; 7 | root {{ deploy_directory }}/public; 8 | 9 | passenger_enabled on; 10 | 11 | # This Rails web app will use Ruby 1.9.3, as installed by RVM 12 | #passenger_ruby /local/rvm/wrappers/ruby-1.9.3-p551/ruby; 13 | 14 | client_max_body_size 100M; 15 | 16 | location /robots.txt {} 17 | 18 | location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { 19 | expires 1y; 20 | log_not_found off; 21 | } 22 | 23 | location ~ ^/(assets|images|javascripts|stylesheets|swfs|system)/ { 24 | gzip_static on; 25 | expires max; 26 | add_header Cache-Control public; 27 | add_header Last-Modified ""; 28 | add_header ETag ""; 29 | 30 | break; 31 | } 32 | } 33 | 34 | server { 35 | server_name {{ webserver_name }}; 36 | rewrite ^ http://{{ webserver_name }}$request_uri? permanent; 37 | } 38 | -------------------------------------------------------------------------------- /roles/nginx-passenger/templates/passenger.list: -------------------------------------------------------------------------------- 1 | deb https://oss-binaries.phusionpassenger.com/apt/passenger {{ distro.stdout }} main 2 | -------------------------------------------------------------------------------- /roles/nginx-passenger/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ansible-nginx-passenger 3 | webserver_name: api.buyample.com 4 | 5 | 6 | -------------------------------------------------------------------------------- /roles/postgresql/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #VERSION: 0.0.3 2 | 3 | --- 4 | - hosts: webserver 5 | sudo: yes 6 | 7 | vars_files: 8 | - vars.yml 9 | 10 | tasks: 11 | - name: update apt 12 | apt: update_cache=yes 13 | 14 | - name: ensure packages installed 15 | apt: pkg={{ item }} state=latest 16 | with_items: 17 | - make 18 | - build-essential 19 | - tcl8.5 20 | 21 | - name: download latest stable redis 22 | get_url: url=http://download.redis.io/redis-stable.tar.gz dest=/tmp/redis-stable.tar.gz 23 | 24 | - name: untar redis 25 | command: tar zxf /tmp/redis-stable.tar.gz -C /tmp 26 | 27 | - name: build redis 28 | command: make -C /tmp/redis-stable 29 | 30 | - name: create redis group 31 | group: name=redis state=present system=yes 32 | 33 | - name: create redis user 34 | user: name=redis group=redis createhome=no shell=/bin/false system=yes state=present 35 | 36 | - name: make sure that /etc/redis exists 37 | file: path=/etc/redis state=directory mode=0755 38 | 39 | - name: make sure that /var/db/redis exists 40 | file: path=/var/db/redis state=directory mode=0755 group=redis owner=redis 41 | 42 | - name: make sure redis.log file exists 43 | copy: src=templates/redis.log dest=/var/log/redis.log owner=redis group=redis mode=0644 44 | 45 | - name: copy upstart file 46 | copy: src=../templates/upstart.conf dest=/etc/init/redis.conf 47 | 48 | - name: copy redis.conf file 49 | copy: src=../templates/redis.conf dest=/etc/redis/redis.conf group=redis owner=redis 50 | 51 | - name: copy custom template 52 | template: src=../templates/redis.local.conf.j2 dest=/etc/redis/redis.local.conf group=redis owner=redis 53 | 54 | - name: copy redis-local script 55 | template: src=../templates/redis-local.j2 dest=/usr/local/bin/redis-local mode=0755 56 | 57 | - name: installing redis binaries 58 | command: cp /tmp/redis-stable/src/{{ item }} /usr/local/bin 59 | with_items: 60 | - redis-server 61 | - redis-cli 62 | - redis-check-aof 63 | - redis-check-dump 64 | 65 | - name: cleaning up build files 66 | command: rm -rf /tmp/{{ item }} 67 | with_items: 68 | - redis-stable 69 | - redis-stable.tar.gz 70 | 71 | - name: ensure redis service is restarted 72 | service: name=redis state=restarted -------------------------------------------------------------------------------- /roles/postgresql/templates/redis-local.j2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ### auth with local redis install 4 | 5 | {% if redis_password %} 6 | 7 | redis-cli -p 6379 -a {{ redis_password }} 8 | 9 | {% else %} 10 | 11 | redis-cli -p {{ redis_port }} 12 | 13 | {% endif %} -------------------------------------------------------------------------------- /roles/postgresql/templates/redis.conf: -------------------------------------------------------------------------------- 1 | # Redis configuration file example 2 | 3 | # Note on units: when memory size is needed, it is possible to specify 4 | # it in the usual form of 1k 5GB 4M and so forth: 5 | # 6 | # 1k => 1000 bytes 7 | # 1kb => 1024 bytes 8 | # 1m => 1000000 bytes 9 | # 1mb => 1024*1024 bytes 10 | # 1g => 1000000000 bytes 11 | # 1gb => 1024*1024*1024 bytes 12 | # 13 | # units are case insensitive so 1GB 1Gb 1gB are all the same. 14 | 15 | # By default Redis does not run as a daemon. Use 'yes' if you need it. 16 | # Note that Redis will write a pid file in /var/run/redis.pid when daemonized. 17 | daemonize no 18 | 19 | # When running daemonized, Redis writes a pid file in /var/run/redis.pid by 20 | # default. You can specify a custom pid file location here. 21 | pidfile /var/run/redis.pid 22 | 23 | # Accept connections on the specified port, default is 6379. 24 | # If port 0 is specified Redis will not listen on a TCP socket. 25 | port 6379 26 | 27 | # If you want you can bind a single interface, if the bind option is not 28 | # specified all the interfaces will listen for incoming connections. 29 | # 30 | # bind 127.0.0.1 31 | 32 | # Specify the path for the unix socket that will be used to listen for 33 | # incoming connections. There is no default, so Redis will not listen 34 | # on a unix socket when not specified. 35 | # 36 | # unixsocket /tmp/redis.sock 37 | # unixsocketperm 755 38 | 39 | # Close the connection after a client is idle for N seconds (0 to disable) 40 | timeout 0 41 | 42 | # Set server verbosity to 'debug' 43 | # it can be one of: 44 | # debug (a lot of information, useful for development/testing) 45 | # verbose (many rarely useful info, but not a mess like the debug level) 46 | # notice (moderately verbose, what you want in production probably) 47 | # warning (only very important / critical messages are logged) 48 | loglevel notice 49 | 50 | # Specify the log file name. Also 'stdout' can be used to force 51 | # Redis to log on the standard output. Note that if you use standard 52 | # output for logging but daemonize, logs will be sent to /dev/null 53 | logfile "" 54 | 55 | # To enable logging to the system logger, just set 'syslog-enabled' to yes, 56 | # and optionally update the other syslog parameters to suit your needs. 57 | # syslog-enabled no 58 | 59 | # Specify the syslog identity. 60 | # syslog-ident redis 61 | 62 | # Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. 63 | # syslog-facility local0 64 | 65 | # Set the number of databases. The default database is DB 0, you can select 66 | # a different one on a per-connection basis using SELECT where 67 | # dbid is a number between 0 and 'databases'-1 68 | databases 16 69 | 70 | ################################ SNAPSHOTTING ################################# 71 | # 72 | # Save the DB on disk: 73 | # 74 | # save 75 | # 76 | # Will save the DB if both the given number of seconds and the given 77 | # number of write operations against the DB occurred. 78 | # 79 | # In the example below the behaviour will be to save: 80 | # after 900 sec (15 min) if at least 1 key changed 81 | # after 300 sec (5 min) if at least 10 keys changed 82 | # after 60 sec if at least 10000 keys changed 83 | # 84 | # Note: you can disable saving at all commenting all the "save" lines. 85 | # 86 | # It is also possible to remove all the previously configured save 87 | # points by adding a save directive with a single empty string argument 88 | # like in the following example: 89 | # 90 | # save "" 91 | 92 | save 900 1 93 | save 300 10 94 | save 60 10000 95 | 96 | # By default Redis will stop accepting writes if RDB snapshots are enabled 97 | # (at least one save point) and the latest background save failed. 98 | # This will make the user aware (in an hard way) that data is not persisting 99 | # on disk properly, otherwise chances are that no one will notice and some 100 | # distater will happen. 101 | # 102 | # If the background saving process will start working again Redis will 103 | # automatically allow writes again. 104 | # 105 | # However if you have setup your proper monitoring of the Redis server 106 | # and persistence, you may want to disable this feature so that Redis will 107 | # continue to work as usually even if there are problems with disk, 108 | # permissions, and so forth. 109 | stop-writes-on-bgsave-error yes 110 | 111 | # Compress string objects using LZF when dump .rdb databases? 112 | # For default that's set to 'yes' as it's almost always a win. 113 | # If you want to save some CPU in the saving child set it to 'no' but 114 | # the dataset will likely be bigger if you have compressible values or keys. 115 | rdbcompression yes 116 | 117 | # Since verison 5 of RDB a CRC64 checksum is placed at the end of the file. 118 | # This makes the format more resistant to corruption but there is a performance 119 | # hit to pay (around 10%) when saving and loading RDB files, so you can disable it 120 | # for maximum performances. 121 | # 122 | # RDB files created with checksum disabled have a checksum of zero that will 123 | # tell the loading code to skip the check. 124 | rdbchecksum yes 125 | 126 | # The filename where to dump the DB 127 | dbfilename dump.rdb 128 | 129 | # The working directory. 130 | # 131 | # The DB will be written inside this directory, with the filename specified 132 | # above using the 'dbfilename' configuration directive. 133 | # 134 | # Also the Append Only File will be created inside this directory. 135 | # 136 | # Note that you must specify a directory here, not a file name. 137 | dir ./ 138 | 139 | ################################# REPLICATION ################################# 140 | 141 | # Master-Slave replication. Use slaveof to make a Redis instance a copy of 142 | # another Redis server. Note that the configuration is local to the slave 143 | # so for example it is possible to configure the slave to save the DB with a 144 | # different interval, or to listen to another port, and so on. 145 | # 146 | # slaveof 147 | 148 | # If the master is password protected (using the "requirepass" configuration 149 | # directive below) it is possible to tell the slave to authenticate before 150 | # starting the replication synchronization process, otherwise the master will 151 | # refuse the slave request. 152 | # 153 | # masterauth 154 | 155 | # When a slave lost the connection with the master, or when the replication 156 | # is still in progress, the slave can act in two different ways: 157 | # 158 | # 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will 159 | # still reply to client requests, possibly with out of date data, or the 160 | # data set may just be empty if this is the first synchronization. 161 | # 162 | # 2) if slave-serve-stale data is set to 'no' the slave will reply with 163 | # an error "SYNC with master in progress" to all the kind of commands 164 | # but to INFO and SLAVEOF. 165 | # 166 | slave-serve-stale-data yes 167 | 168 | # You can configure a slave instance to accept writes or not. Writing against 169 | # a slave instance may be useful to store some ephemeral data (because data 170 | # written on a slave will be easily deleted after resync with the master) but 171 | # may also cause problems if clients are writing to it because of a 172 | # misconfiguration. 173 | # 174 | # Since Redis 2.6 by default slaves are read-only. 175 | # 176 | # Note: read only slaves are not designed to be exposed to untrusted clients 177 | # on the internet. It's just a protection layer against misuse of the instance. 178 | # Still a read only slave exports by default all the administrative commands 179 | # such as CONFIG, DEBUG, and so forth. To a limited extend you can improve 180 | # security of read only slaves using 'rename-command' to shadow all the 181 | # administrative / dangerous commands. 182 | slave-read-only yes 183 | 184 | # Slaves send PINGs to server in a predefined interval. It's possible to change 185 | # this interval with the repl_ping_slave_period option. The default value is 10 186 | # seconds. 187 | # 188 | # repl-ping-slave-period 10 189 | 190 | # The following option sets a timeout for both Bulk transfer I/O timeout and 191 | # master data or ping response timeout. The default value is 60 seconds. 192 | # 193 | # It is important to make sure that this value is greater than the value 194 | # specified for repl-ping-slave-period otherwise a timeout will be detected 195 | # every time there is low traffic between the master and the slave. 196 | # 197 | # repl-timeout 60 198 | 199 | # The slave priority is an integer number published by Redis in the INFO output. 200 | # It is used by Redis Sentinel in order to select a slave to promote into a 201 | # master if the master is no longer working correctly. 202 | # 203 | # A slave with a low priority number is considered better for promotion, so 204 | # for instance if there are three slaves with priority 10, 100, 25 Sentinel will 205 | # pick the one wtih priority 10, that is the lowest. 206 | # 207 | # However a special priority of 0 marks the slave as not able to perform the 208 | # role of master, so a slave with priority of 0 will never be selected by 209 | # Redis Sentinel for promotion. 210 | # 211 | # By default the priority is 100. 212 | slave-priority 100 213 | 214 | ################################## SECURITY ################################### 215 | 216 | # Require clients to issue AUTH before processing any other 217 | # commands. This might be useful in environments in which you do not trust 218 | # others with access to the host running redis-server. 219 | # 220 | # This should stay commented out for backward compatibility and because most 221 | # people do not need auth (e.g. they run their own servers). 222 | # 223 | # Warning: since Redis is pretty fast an outside user can try up to 224 | # 150k passwords per second against a good box. This means that you should 225 | # use a very strong password otherwise it will be very easy to break. 226 | # 227 | # requirepass foobared 228 | 229 | # Command renaming. 230 | # 231 | # It is possible to change the name of dangerous commands in a shared 232 | # environment. For instance the CONFIG command may be renamed into something 233 | # of hard to guess so that it will be still available for internal-use 234 | # tools but not available for general clients. 235 | # 236 | # Example: 237 | # 238 | # rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 239 | # 240 | # It is also possible to completely kill a command renaming it into 241 | # an empty string: 242 | # 243 | # rename-command CONFIG "" 244 | 245 | ################################### LIMITS #################################### 246 | 247 | # Set the max number of connected clients at the same time. By default 248 | # this limit is set to 10000 clients, however if the Redis server is not 249 | # able ot configure the process file limit to allow for the specified limit 250 | # the max number of allowed clients is set to the current file limit 251 | # minus 32 (as Redis reserves a few file descriptors for internal uses). 252 | # 253 | # Once the limit is reached Redis will close all the new connections sending 254 | # an error 'max number of clients reached'. 255 | # 256 | # maxclients 10000 257 | 258 | # Don't use more memory than the specified amount of bytes. 259 | # When the memory limit is reached Redis will try to remove keys 260 | # accordingly to the eviction policy selected (see maxmemmory-policy). 261 | # 262 | # If Redis can't remove keys according to the policy, or if the policy is 263 | # set to 'noeviction', Redis will start to reply with errors to commands 264 | # that would use more memory, like SET, LPUSH, and so on, and will continue 265 | # to reply to read-only commands like GET. 266 | # 267 | # This option is usually useful when using Redis as an LRU cache, or to set 268 | # an hard memory limit for an instance (using the 'noeviction' policy). 269 | # 270 | # WARNING: If you have slaves attached to an instance with maxmemory on, 271 | # the size of the output buffers needed to feed the slaves are subtracted 272 | # from the used memory count, so that network problems / resyncs will 273 | # not trigger a loop where keys are evicted, and in turn the output 274 | # buffer of slaves is full with DELs of keys evicted triggering the deletion 275 | # of more keys, and so forth until the database is completely emptied. 276 | # 277 | # In short... if you have slaves attached it is suggested that you set a lower 278 | # limit for maxmemory so that there is some free RAM on the system for slave 279 | # output buffers (but this is not needed if the policy is 'noeviction'). 280 | # 281 | # maxmemory 282 | 283 | # MAXMEMORY POLICY: how Redis will select what to remove when maxmemory 284 | # is reached? You can select among five behavior: 285 | # 286 | # volatile-lru -> remove the key with an expire set using an LRU algorithm 287 | # allkeys-lru -> remove any key accordingly to the LRU algorithm 288 | # volatile-random -> remove a random key with an expire set 289 | # allkeys-random -> remove a random key, any key 290 | # volatile-ttl -> remove the key with the nearest expire time (minor TTL) 291 | # noeviction -> don't expire at all, just return an error on write operations 292 | # 293 | # Note: with all the kind of policies, Redis will return an error on write 294 | # operations, when there are not suitable keys for eviction. 295 | # 296 | # At the date of writing this commands are: set setnx setex append 297 | # incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd 298 | # sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby 299 | # zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby 300 | # getset mset msetnx exec sort 301 | # 302 | # The default is: 303 | # 304 | # maxmemory-policy volatile-lru 305 | 306 | # LRU and minimal TTL algorithms are not precise algorithms but approximated 307 | # algorithms (in order to save memory), so you can select as well the sample 308 | # size to check. For instance for default Redis will check three keys and 309 | # pick the one that was used less recently, you can change the sample size 310 | # using the following configuration directive. 311 | # 312 | # maxmemory-samples 3 313 | 314 | ############################## APPEND ONLY MODE ############################### 315 | 316 | # By default Redis asynchronously dumps the dataset on disk. This mode is 317 | # good enough in many applications, but an issue with the Redis process or 318 | # a power outage may result into a few minutes of writes lost (depending on 319 | # the configured save points). 320 | # 321 | # The Append Only File is an alternative persistence mode that provides 322 | # much better durability. For instance using the default data fsync policy 323 | # (see later in the config file) Redis can lose just one second of writes in a 324 | # dramatic event like a server power outage, or a single write if something 325 | # wrong with the Redis process itself happens, but the operating system is 326 | # still running correctly. 327 | # 328 | # AOF and RDB persistence can be enabled at the same time without problems. 329 | # If the AOF is enabled on startup Redis will load the AOF, that is the file 330 | # with the better durability guarantees. 331 | # 332 | # Please check http://redis.io/topics/persistence for more information. 333 | 334 | appendonly no 335 | 336 | # The name of the append only file (default: "appendonly.aof") 337 | # appendfilename appendonly.aof 338 | 339 | # The fsync() call tells the Operating System to actually write data on disk 340 | # instead to wait for more data in the output buffer. Some OS will really flush 341 | # data on disk, some other OS will just try to do it ASAP. 342 | # 343 | # Redis supports three different modes: 344 | # 345 | # no: don't fsync, just let the OS flush the data when it wants. Faster. 346 | # always: fsync after every write to the append only log . Slow, Safest. 347 | # everysec: fsync only one time every second. Compromise. 348 | # 349 | # The default is "everysec" that's usually the right compromise between 350 | # speed and data safety. It's up to you to understand if you can relax this to 351 | # "no" that will let the operating system flush the output buffer when 352 | # it wants, for better performances (but if you can live with the idea of 353 | # some data loss consider the default persistence mode that's snapshotting), 354 | # or on the contrary, use "always" that's very slow but a bit safer than 355 | # everysec. 356 | # 357 | # More details please check the following article: 358 | # http://antirez.com/post/redis-persistence-demystified.html 359 | # 360 | # If unsure, use "everysec". 361 | 362 | # appendfsync always 363 | appendfsync everysec 364 | # appendfsync no 365 | 366 | # When the AOF fsync policy is set to always or everysec, and a background 367 | # saving process (a background save or AOF log background rewriting) is 368 | # performing a lot of I/O against the disk, in some Linux configurations 369 | # Redis may block too long on the fsync() call. Note that there is no fix for 370 | # this currently, as even performing fsync in a different thread will block 371 | # our synchronous write(2) call. 372 | # 373 | # In order to mitigate this problem it's possible to use the following option 374 | # that will prevent fsync() from being called in the main process while a 375 | # BGSAVE or BGREWRITEAOF is in progress. 376 | # 377 | # This means that while another child is saving the durability of Redis is 378 | # the same as "appendfsync none", that in practical terms means that it is 379 | # possible to lost up to 30 seconds of log in the worst scenario (with the 380 | # default Linux settings). 381 | # 382 | # If you have latency problems turn this to "yes". Otherwise leave it as 383 | # "no" that is the safest pick from the point of view of durability. 384 | no-appendfsync-on-rewrite no 385 | 386 | # Automatic rewrite of the append only file. 387 | # Redis is able to automatically rewrite the log file implicitly calling 388 | # BGREWRITEAOF when the AOF log size will growth by the specified percentage. 389 | # 390 | # This is how it works: Redis remembers the size of the AOF file after the 391 | # latest rewrite (or if no rewrite happened since the restart, the size of 392 | # the AOF at startup is used). 393 | # 394 | # This base size is compared to the current size. If the current size is 395 | # bigger than the specified percentage, the rewrite is triggered. Also 396 | # you need to specify a minimal size for the AOF file to be rewritten, this 397 | # is useful to avoid rewriting the AOF file even if the percentage increase 398 | # is reached but it is still pretty small. 399 | # 400 | # Specify a percentage of zero in order to disable the automatic AOF 401 | # rewrite feature. 402 | 403 | auto-aof-rewrite-percentage 100 404 | auto-aof-rewrite-min-size 64mb 405 | 406 | ################################ LUA SCRIPTING ############################### 407 | 408 | # Max execution time of a Lua script in milliseconds. 409 | # 410 | # If the maximum execution time is reached Redis will log that a script is 411 | # still in execution after the maximum allowed time and will start to 412 | # reply to queries with an error. 413 | # 414 | # When a long running script exceed the maximum execution time only the 415 | # SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be 416 | # used to stop a script that did not yet called write commands. The second 417 | # is the only way to shut down the server in the case a write commands was 418 | # already issue by the script but the user don't want to wait for the natural 419 | # termination of the script. 420 | # 421 | # Set it to 0 or a negative value for unlimited execution without warnings. 422 | lua-time-limit 5000 423 | 424 | ################################ REDIS CLUSTER ############################### 425 | # 426 | # Normal Redis instances can't be part of a Redis Cluster, only nodes that are 427 | # started as cluster nodes can. In order to start a Redis instance as a 428 | # cluster node enable the cluster support uncommenting the following: 429 | # 430 | # cluster-enabled yes 431 | 432 | # Every cluster node has a cluster configuration file. This file is not 433 | # intended to be edited by hand. It is created and updated by Redis nodes. 434 | # Every Redis Cluster node requires a different cluster configuration file. 435 | # Make sure that instances running in the same system does not have 436 | # overlapping cluster configuration file names. 437 | # 438 | # cluster-config-file nodes-6379.conf 439 | 440 | # In order to setup your cluster make sure to read the documentation 441 | # available at http://redis.io web site. 442 | 443 | ################################## SLOW LOG ################################### 444 | 445 | # The Redis Slow Log is a system to log queries that exceeded a specified 446 | # execution time. The execution time does not include the I/O operations 447 | # like talking with the client, sending the reply and so forth, 448 | # but just the time needed to actually execute the command (this is the only 449 | # stage of command execution where the thread is blocked and can not serve 450 | # other requests in the meantime). 451 | # 452 | # You can configure the slow log with two parameters: one tells Redis 453 | # what is the execution time, in microseconds, to exceed in order for the 454 | # command to get logged, and the other parameter is the length of the 455 | # slow log. When a new command is logged the oldest one is removed from the 456 | # queue of logged commands. 457 | 458 | # The following time is expressed in microseconds, so 1000000 is equivalent 459 | # to one second. Note that a negative number disables the slow log, while 460 | # a value of zero forces the logging of every command. 461 | slowlog-log-slower-than 10000 462 | 463 | # There is no limit to this length. Just be aware that it will consume memory. 464 | # You can reclaim memory used by the slow log with SLOWLOG RESET. 465 | slowlog-max-len 128 466 | 467 | ############################### ADVANCED CONFIG ############################### 468 | 469 | # Hashes are encoded using a memory efficient data structure when they have a 470 | # small number of entries, and the biggest entry does not exceed a given 471 | # threshold. These thresholds can be configured using the following directives. 472 | hash-max-ziplist-entries 512 473 | hash-max-ziplist-value 64 474 | 475 | # Similarly to hashes, small lists are also encoded in a special way in order 476 | # to save a lot of space. The special representation is only used when 477 | # you are under the following limits: 478 | list-max-ziplist-entries 512 479 | list-max-ziplist-value 64 480 | 481 | # Sets have a special encoding in just one case: when a set is composed 482 | # of just strings that happens to be integers in radix 10 in the range 483 | # of 64 bit signed integers. 484 | # The following configuration setting sets the limit in the size of the 485 | # set in order to use this special memory saving encoding. 486 | set-max-intset-entries 512 487 | 488 | # Similarly to hashes and lists, sorted sets are also specially encoded in 489 | # order to save a lot of space. This encoding is only used when the length and 490 | # elements of a sorted set are below the following limits: 491 | zset-max-ziplist-entries 128 492 | zset-max-ziplist-value 64 493 | 494 | # Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in 495 | # order to help rehashing the main Redis hash table (the one mapping top-level 496 | # keys to values). The hash table implementation Redis uses (see dict.c) 497 | # performs a lazy rehashing: the more operation you run into an hash table 498 | # that is rehashing, the more rehashing "steps" are performed, so if the 499 | # server is idle the rehashing is never complete and some more memory is used 500 | # by the hash table. 501 | # 502 | # The default is to use this millisecond 10 times every second in order to 503 | # active rehashing the main dictionaries, freeing memory when possible. 504 | # 505 | # If unsure: 506 | # use "activerehashing no" if you have hard latency requirements and it is 507 | # not a good thing in your environment that Redis can reply form time to time 508 | # to queries with 2 milliseconds delay. 509 | # 510 | # use "activerehashing yes" if you don't have such hard requirements but 511 | # want to free memory asap when possible. 512 | activerehashing yes 513 | 514 | # The client output buffer limits can be used to force disconnection of clients 515 | # that are not reading data from the server fast enough for some reason (a 516 | # common reason is that a Pub/Sub client can't consume messages as fast as the 517 | # publisher can produce them). 518 | # 519 | # The limit can be set differently for the three different classes of clients: 520 | # 521 | # normal -> normal clients 522 | # slave -> slave clients and MONITOR clients 523 | # pubsub -> clients subcribed to at least one pubsub channel or pattern 524 | # 525 | # The syntax of every client-output-buffer-limit directive is the following: 526 | # 527 | # client-output-buffer-limit 528 | # 529 | # A client is immediately disconnected once the hard limit is reached, or if 530 | # the soft limit is reached and remains reached for the specified number of 531 | # seconds (continuously). 532 | # So for instance if the hard limit is 32 megabytes and the soft limit is 533 | # 16 megabytes / 10 seconds, the client will get disconnected immediately 534 | # if the size of the output buffers reach 32 megabytes, but will also get 535 | # disconnected if the client reaches 16 megabytes and continuously overcomes 536 | # the limit for 10 seconds. 537 | # 538 | # By default normal clients are not limited because they don't receive data 539 | # without asking (in a push way), but just after a request, so only 540 | # asynchronous clients may create a scenario where data is requested faster 541 | # than it can read. 542 | # 543 | # Instead there is a default limit for pubsub and slave clients, since 544 | # subscribers and slaves receive data in a push fashion. 545 | # 546 | # Both the hard or the soft limit can be disabled just setting it to zero. 547 | client-output-buffer-limit normal 0 0 0 548 | client-output-buffer-limit slave 256mb 64mb 60 549 | client-output-buffer-limit pubsub 32mb 8mb 60 550 | 551 | ################################## INCLUDES ################################### 552 | 553 | # Include one or more other config files here. This is useful if you 554 | # have a standard template that goes to all Redis server but also need 555 | # to customize a few per-server settings. Include files can include 556 | # other files, so use this wisely. 557 | # 558 | # include /path/to/local.conf 559 | 560 | include /etc/redis/redis.local.conf 561 | -------------------------------------------------------------------------------- /roles/postgresql/templates/redis.local.conf.j2: -------------------------------------------------------------------------------- 1 | #upstart takes care of this 2 | daemonize no 3 | 4 | pidfile /var/run/redis.pid 5 | port {{ redis_port }} 6 | timeout 0 7 | loglevel notice 8 | logfile /var/log/redis.log 9 | dir /var/db/redis/ 10 | 11 | {% if redis_password %} 12 | 13 | requirepass {{ redis_password }} 14 | 15 | {% endif %} 16 | -------------------------------------------------------------------------------- /roles/postgresql/templates/redis.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ann-felix/ansible/1564a3c83eb6e086c8172fad0aaf386a14e4f081/roles/postgresql/templates/redis.log -------------------------------------------------------------------------------- /roles/postgresql/templates/upstart.conf: -------------------------------------------------------------------------------- 1 | description "redis server" 2 | 3 | start on runlevel [23] 4 | stop on shutdown 5 | 6 | exec sudo -u redis /usr/local/bin/redis-server /etc/redis/redis.conf 7 | 8 | respawn 9 | respawn limit 5 60 10 | -------------------------------------------------------------------------------- /roles/rvm_io.rvm1-ruby/.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | */**.DS_Store 3 | ._* 4 | .*.sw* 5 | *~ 6 | .idea/ -------------------------------------------------------------------------------- /roles/rvm_io.rvm1-ruby/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: 'python' 3 | python: '2.7' 4 | 5 | env: 6 | - SITE_AND_INVENTORY='tests/test.yml -i tests/inventory' 7 | 8 | before_install: 9 | - '__rvm_unload ; rm -rf ~/.rvm' 10 | 11 | install: 12 | - 'pip install ansible==1.7.1' 13 | - 'printf "[defaults]\nroles_path = ../" > ansible.cfg' 14 | 15 | script: 16 | - > 17 | ruby -v 18 | | grep -q 'ruby' 19 | && (echo 'No ruby test: pass' && exit 1) 20 | || (echo 'No ruby test: fail' && exit 0) 21 | - 'ansible-playbook $SITE_AND_INVENTORY --syntax-check' 22 | - 'ansible-playbook $SITE_AND_INVENTORY --connection=local -vvvv' 23 | - > 24 | ansible-playbook $SITE_AND_INVENTORY --connection=local 25 | | grep -q 'changed=0.*failed=0' 26 | && (echo 'Idempotence test: pass' && exit 0) 27 | || (echo 'Idempotence test: fail' && exit 1) 28 | - > 29 | ~/.rvm/wrappers/default/ruby -v 30 | | grep -q '2.1.2' 31 | && (echo 'Default ruby test: pass' && exit 0) 32 | || (echo 'Default ruby test: fail' && exit 1) 33 | - > 34 | ls ~/.rvm/rubies 35 | | grep -q 'ruby-2.1.0' 36 | && (echo 'Multiple rubies test: pass' && exit 0) 37 | || (echo 'Multiple rubies test: fail' && exit 1) 38 | - > 39 | ansible-playbook $SITE_AND_INVENTORY --connection=local --extra-vars='rvm1_delete_ruby=ruby-2.1.0' 40 | | grep -q 'ok=1.*failed=0' 41 | && (echo 'Delete ruby test: pass' && exit 0) 42 | || (echo 'Delete ruby test: fail' && exit 1) 43 | - > 44 | ls ~/.rvm/rubies/ | wc -l 45 | | grep -q '2' 46 | && (echo 'Really deleted ruby test: pass' && exit 0) 47 | || (echo 'Really deleted ruby test: fail' && exit 1) 48 | -------------------------------------------------------------------------------- /roles/rvm_io.rvm1-ruby/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Install 1 or more versions of ruby 4 | # The last ruby listed will be set as the default ruby 5 | rvm1_rubies: 6 | - 'ruby-2.2.1' 7 | 8 | # Delete a specific version of ruby (ie. ruby-2.1.0) 9 | rvm1_delete_ruby: 10 | 11 | # Install path for rvm (defaults to system wide) 12 | rvm1_install_path: '/home/{{ ansible_ssh_user }}/.rvm' 13 | 14 | # Add or remove any install flags 15 | # NOTE: If you are doing a USER BASED INSTALL then 16 | # make sure you ADD the --user-install flag below 17 | rvm1_install_flags: '--auto-dotfiles' 18 | 19 | # Add additional ruby install flags 20 | rvm1_ruby_install_flags: 21 | 22 | # Set the owner for the rvm directory 23 | rvm1_user: 'ubuntu' 24 | 25 | # URL for the latest installer script 26 | rvm1_rvm_latest_installer: 'https://raw.githubusercontent.com/wayneeseguin/rvm/master/binscripts/rvm-installer' 27 | 28 | # rvm version to use 29 | rvm1_rvm_version: 'stable' 30 | 31 | # Check and update rvm, disabling this will force rvm to never update 32 | rvm1_rvm_check_for_updates: True 33 | 34 | # GPG key verification, use an empty string if you want to skip this 35 | # Note: Unless you know what you're doing, just keep it as is 36 | # Identity proof: https://keybase.io/mpapis 37 | # PGP message: https://rvm.io/mpapis.asc 38 | rvm1_gpg_keys: 'D39DC0E3' 39 | 40 | # The GPG key server 41 | rvm1_gpg_key_server: 'hkp://keys.gnupg.net' 42 | 43 | # autolib mode, see https://rvm.io/rvm/autolibs 44 | rvm1_autolib_mode: 3 45 | -------------------------------------------------------------------------------- /roles/rvm_io.rvm1-ruby/defaults/main.yml.save: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Install 1 or more versions of ruby 4 | # The last ruby listed will be set as the default ruby 5 | rvm1_rubies: 6 | - 'ruby-2.2.1' 7 | 8 | # Delete a specific version of ruby (ie. ruby-2.1.0) 9 | rvm1_delete_ruby: 10 | 11 | # Install path for rvm (defaults to system wide) 12 | rvm1_install_path: '/usr/local/rvm' 13 | 14 | # Add or remove any install flags 15 | # NOTE: If you are doing a USER BASED INSTALL then 16 | # make sure you ADD the --user-install flag below 17 | rvm1_install_flags: '--auto-dotfiles --user-install' 18 | 19 | # Add additional ruby install flags 20 | rvm1_ruby_install_flags: 21 | 22 | # Set the owner for the rvm directory 23 | rvm1_user: 'ubuntu' 24 | 25 | # URL for the latest installer script 26 | rvm1_rvm_latest_installer: 'https://raw.githubusercontent.com/wayneeseguin/rvm/master/binscripts/rvm-installer' 27 | 28 | # rvm version to use 29 | rvm1_rvm_version: 'stable' 30 | 31 | # Check and update rvm, disabling this will force rvm to never update 32 | rvm1_rvm_check_for_updates: True 33 | 34 | # GPG key verification, use an empty string if you want to skip this 35 | # Note: Unless you know what you're doing, just keep it as is 36 | # Identity proof: https://keybase.io/mpapis 37 | # PGP message: https://rvm.io/mpapis.asc 38 | rvm1_gpg_keys: 'D39DC0E3' 39 | 40 | # The GPG key server 41 | rvm1_gpg_key_server: 'hkp://keys.gnupg.net' 42 | 43 | # autolib mode, see https://rvm.io/rvm/autolibs 44 | rvm1_autolib_mode: 3 45 | -------------------------------------------------------------------------------- /roles/rvm_io.rvm1-ruby/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: 'rvm.yml' 4 | - include: 'rubies.yml' 5 | -------------------------------------------------------------------------------- /roles/rvm_io.rvm1-ruby/tasks/rubies.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Detect if rubies are installed 4 | command: '{{ rvm1_rvm }} {{ item }} do true' 5 | changed_when: False 6 | failed_when: False 7 | register: detect_rubies 8 | with_items: rvm1_rubies 9 | when: rvm1_rubies 10 | 11 | - name: Install rubies 12 | command: '{{ rvm1_rvm }} install {{ item.item }} {{ rvm1_ruby_install_flags }}' 13 | when: rvm1_rubies and item.rc != 0 14 | with_items: detect_rubies.results 15 | sudo_user: '{{ rvm1_user }}' 16 | 17 | - name: Detect default ruby version 18 | command: '{{ rvm1_rvm }} alias list default' 19 | changed_when: False 20 | register: detect_default_ruby_version 21 | 22 | - name: Select default ruby 23 | command: '{{ rvm1_rvm }} alias create default {{ rvm1_default_ruby_version }}' 24 | when: detect_default_ruby_version.stdout == '' or 25 | rvm1_default_ruby_version not in detect_default_ruby_version.stdout 26 | 27 | - name: Install bundler if not installed 28 | shell: > 29 | {{ rvm1_install_path }}/wrappers/{{ item }}/gem list 30 | | if ! grep "^bundler " ; then {{ rvm1_install_path }}/wrappers/{{ item }}/gem install bundler ; fi 31 | args: 32 | creates: '{{ rvm1_install_path }}/wrappers/{{ item }}/bundler' 33 | with_items: rvm1_rubies 34 | register: bundler_install 35 | changed_when: '"Successfully installed bundler" in bundler_install.stdout' 36 | 37 | - name: Symlink ruby related binaries on the system path 38 | file: 39 | state: 'link' 40 | src: '{{ rvm1_install_path }}/wrappers/default/{{ item }}' 41 | dest: '{{ rvm1_symlink_to }}/{{ item }}' 42 | owner: 'ubuntu' 43 | group: 'ubuntu' 44 | when: not '--user-install' in rvm1_install_flags 45 | with_items: rvm1_symlink_binaries 46 | 47 | - name: Detect if ruby version can be deleted 48 | command: '{{ rvm1_rvm }} {{ rvm1_delete_ruby }} do true' 49 | changed_when: False 50 | failed_when: False 51 | register: detect_delete_ruby 52 | when: rvm1_delete_ruby 53 | 54 | - name: Delete ruby version 55 | command: '{{ rvm1_rvm }} remove {{ rvm1_delete_ruby }}' 56 | changed_when: False 57 | when: rvm1_delete_ruby and detect_delete_ruby.rc == 0 58 | -------------------------------------------------------------------------------- /roles/rvm_io.rvm1-ruby/tasks/rvm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Detect rvm binary 4 | stat: path='{{ rvm1_rvm }}' 5 | register: rvm_binary 6 | 7 | - name: Detect rvm installer 8 | stat: path='{{ rvm1_temp_download_path }}/rvm-installer.sh' 9 | register: rvm_installer 10 | 11 | - name: Detect current rvm version 12 | command: '{{ rvm1_rvm}} version' 13 | changed_when: False 14 | register: rvm_current_version 15 | when: rvm_binary.stat.exists 16 | 17 | - name: Install rvm installer 18 | get_url: 19 | url: '{{ rvm1_rvm_latest_installer }}' 20 | dest: '{{ rvm1_temp_download_path }}/rvm-installer.sh' 21 | when: not rvm_installer.stat.exists 22 | 23 | - name: Configure rvm installer 24 | file: 25 | path: '{{ rvm1_temp_download_path }}/rvm-installer.sh' 26 | mode: 0755 27 | when: not rvm_binary.stat.exists 28 | 29 | - name: Import GPG keys 30 | command: 'gpg --keyserver {{ rvm1_gpg_key_server }} --recv-keys {{ rvm1_gpg_keys }}' 31 | changed_when: False 32 | when: rvm1_gpg_keys != '' 33 | sudo_user: '{{ rvm1_user }}' 34 | 35 | - name: Install rvm 36 | command: > 37 | {{ rvm1_temp_download_path }}/rvm-installer.sh {{ rvm1_rvm_version }} 38 | --path {{ rvm1_install_path }} {{ rvm1_install_flags }} 39 | when: not rvm_binary.stat.exists 40 | sudo_user: '{{ rvm1_user }}' 41 | 42 | - name: Update rvm 43 | shell: '{{ rvm1_rvm }} get {{ rvm1_rvm_version }} && {{ rvm1_rvm }} reload' 44 | changed_when: False 45 | when: rvm_binary.stat.exists and rvm1_rvm_check_for_updates 46 | sudo_user: '{{ rvm1_user }}' 47 | 48 | - name: Configure rvm 49 | command: '{{ rvm1_rvm }} autolibs {{ rvm1_autolib_mode }}' 50 | when: not rvm_binary.stat.exists 51 | sudo_user: '{{ rvm1_user }}' 52 | -------------------------------------------------------------------------------- /roles/rvm_io.rvm1-ruby/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost -------------------------------------------------------------------------------- /roles/rvm_io.rvm1-ruby/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - hosts: localhost 4 | remote_user: travis 5 | sudo: true 6 | 7 | vars: 8 | rvm1_rubies: 9 | - 'ruby-2.1.0' 10 | - 'ruby-2.1.2' 11 | rvm1_install_path: '/home/travis/.rvm' 12 | rvm1_install_flags: '--auto-dotfiles --user-install' 13 | 14 | roles: 15 | - rvm1-ansible 16 | -------------------------------------------------------------------------------- /roles/rvm_io.rvm1-ruby/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | rvm1_temp_download_path: '/tmp' 4 | 5 | rvm1_default_ruby_version: '{{ rvm1_rubies | last if rvm1_rubies and rvm1_rubies is iterable else "" }}' 6 | 7 | rvm1_rvm: '{{ rvm1_install_path }}/bin/rvm' 8 | 9 | rvm1_symlink_binaries: 10 | - 'bundle' 11 | - 'bundler' 12 | - 'erb' 13 | - 'executable-hooks-uninstaller' 14 | - 'gem' 15 | - 'irb' 16 | - 'rake' 17 | - 'rdoc' 18 | - 'ri' 19 | - 'ruby' 20 | - 'testrb' 21 | 22 | rvm1_symlink_to: '/usr/local/bin' 23 | -------------------------------------------------------------------------------- /ruby_installation.yml: -------------------------------------------------------------------------------- 1 | #VERSION: 0.0.3 2 | 3 | --- 4 | - hosts: launched 5 | sudo: yes 6 | 7 | 8 | tasks: 9 | 10 | 11 | - name: adding ppa 12 | #command: sudo add-apt-repository ppa:chris-lea/node.js 13 | apt_repository: repo='ppa:chris-lea/node.js' state=present 14 | 15 | - name: update apt 16 | apt: update_cache=yes 17 | 18 | - name: installing required packages 19 | # action: pkg={{item}} 20 | apt: name={{ item }} state=present 21 | with_items: 22 | # - git-core 23 | - curl 24 | - zlib1g-dev 25 | - build-essential 26 | - libssl-dev 27 | - libreadline-dev 28 | - libyaml-dev 29 | - libxml2-dev 30 | - libxslt1-dev 31 | - libcurl4-openssl-dev 32 | - python-software-properties 33 | - libffi-dev 34 | - libpq-dev 35 | 36 | - name: Installs RVM (Ruby Version Manager) for handling Ruby installation 37 | command: gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 38 | 39 | - name: curl the stable version of RVM 40 | #action: shell curl -sSL https://get.rvm.io | bash -s stable creates=/home/ubuntu/.rvm/ 41 | action: shell curl -L https://get.rvm.io | bash -s stable creates=/home/ubuntu/.rvm/ 42 | args: 43 | dest: ~/ 44 | 45 | - name: reload rvm script 46 | # action: source ~/.rvm/scripts/rvm 47 | shell: source /home/ubuntu/.rvm/scripts/rvm 48 | args: 49 | executable: /bin/bash 50 | 51 | 52 | - name: Installs Ruby 53 | command: rvm install ruby-2.2.1 54 | 55 | - name: use ruby 2.2.1 56 | command: rvm install ruby-2.2.1 57 | 58 | - name: adding gem --no-ri --no-rdoc to .gemrc file 59 | command: "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc" 60 | 61 | - name: install bundler 62 | command: gem install bundler 63 | 64 | - name: insalling rails 65 | command: gem install rails -v 4.2.3 -------------------------------------------------------------------------------- /ruby_nginx_passenger.yml: -------------------------------------------------------------------------------- 1 | #VERSION: 0.0.3 2 | 3 | --- 4 | - hosts: launched 5 | sudo: yes 6 | 7 | 8 | tasks: 9 | - name: update apt 10 | apt: update_cache=yes 11 | 12 | - name: Set up authorized_keys for the deploy user 13 | authorized_key: user=ubuntu 14 | key="{{ item }}" 15 | with_file: 16 | - /home/ubuntu/ssh_keys/tanmay.pub 17 | - /home/ubuntu/ssh_keys/ajeet.pub 18 | 19 | - name: adding key 20 | command: gpg --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7 21 | - name: export key 22 | command: gpg --armor --export 561F9B9CAC40B2F7 | sudo apt-key add - 23 | 24 | 25 | - name: install apt-transport-https 26 | action: apt pkg=apt-transport-https state=installed 27 | 28 | - name: add passenger repository 29 | command: sudo sh -c "echo 'deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main' >> /etc/apt/sources.list.d/passenger.list" 30 | 31 | - name: change the owner of pssenger.list 32 | command: sudo chown root /etc/apt/sources.list.d/passenger.list 33 | 34 | - name: change permission of passenger.list 35 | command: sudo chmod 600 /etc/apt/sources.list.d/passenger.list 36 | 37 | - name: update the cache 38 | command: sudo apt-get update -y 39 | 40 | - name: Installing nginx 41 | apt: name=nginx-full force=yes 42 | 43 | - name: Installing passenger 44 | apt: name=passenger force=yes 45 | 46 | 47 | - name: Ensure passenger_root is set 48 | lineinfile: 49 | dest=/etc/nginx/nginx.conf 50 | state=present 51 | backup=yes 52 | regexp='#?\s*passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;' 53 | line='passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;' 54 | 55 | 56 | - name: Ensure passenger_ruby is set 57 | lineinfile: 58 | dest=/etc/nginx/nginx.conf 59 | state=present 60 | backup=yes 61 | backrefs=yes 62 | regexp='#?\s*passenger_ruby /usr/bin/passenger_free_ruby;' 63 | line='passenger_ruby /home/ubuntu/.rvm/gems/ruby-2.2.1/wrappers/ruby;' 64 | 65 | - name: Remove the default app 66 | sudo: yes 67 | command: rm -rf /etc/nginx/sites-enabled/default 68 | 69 | - name: Remove the default app config if exists 70 | sudo: yes 71 | command: rm -rf /etc/nginx/sites-enabled/default 72 | 73 | - name: Configure nginx for the app 74 | template: src=/home/ubuntu/templates/imlibackend.conf.j2 dest=/etc/nginx/conf.d/imlibackend.conf group=www-data owner=www-data force=yes 75 | 76 | - name: Restart nginx 77 | action: service name=nginx state=restarted 78 | 79 | 80 | # - name: copy public and private key to api server 81 | # copy: src=~/.ssh/id_rsa* dest=home/ubuntu/.ssh/ 82 | -------------------------------------------------------------------------------- /temp_deploy.yml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | - hosts: localhost 4 | # sudo: yes 5 | remote_user: ubuntu 6 | tasks: 7 | # - name: update apt 8 | # sudo: yes 9 | # apt: update_cache=yes 10 | 11 | # - name: ensure public key and public one are present 12 | # sudo: yes 13 | # copy: src={{item}} dest=/home/ubuntu/.ssh/{{ item }} mode=0600 14 | # with_items: 15 | # - id_rsa.pub 16 | 17 | # - name: ensure private key and public one are present 18 | # sudo: yes 19 | # copy: src={{item}} dest=/home/ubuntu/.ssh/{{ item }} mode=0600 20 | # with_items: 21 | # - id_rsa 22 | 23 | # - name: copy public and private key to api server 24 | # copy: src=~/.ssh/id_rsa* dest=home/ubuntu/.ssh/ 25 | - name: Deploy site files from Github repository 26 | git: repo=git@github.com:imlitech/imli-backend.git dest=/home/{{deploy_user}}/{{app_name}} key_file=/home/ubuntu/.ssh/id_rsa accept_hostkey=yes force=yes version=develop 27 | 28 | - name: change database.yml file 29 | template: src=/home/ubuntu/templates/database.yml.j2 dest={{ deploy_directory}}/config/database.yml 30 | 31 | - name: change supply_chain_engine_config.yml 32 | template: src=/home/ubuntu/templates/supply_chain_engine_config.yml.j2 dest={{ deploy_directory}}/engines/supply_chain_engine/config/supply_chain_engine_config.yml 33 | 34 | - name: change app_config.yml file 35 | template: src=/home/ubuntu/templates/app_config.yml.j2 dest={{deploy_directory}}/config/app_config.yml 36 | 37 | 38 | 39 | 40 | - name: bundle install 41 | command: bundle install chdir={{ deploy_directory }} 42 | 43 | # - name: sidekiq initializer 44 | # command: bundle exec sidekiq -C ./config/sidekiq.yml RAILS_ENV="production" chdir={{deploy_directory}} 45 | 46 | - name: migrate create 47 | command: rake db:create RAILS_ENV="production" chdir={{ deploy_directory }} 48 | 49 | - name: migrate migrate 50 | command: rake db:migrate RAILS_ENV="production" chdir={{ deploy_directory }} 51 | 52 | # - name: tmp clear 53 | # command: bundle exec rake tmp:clear chdir={{ deploy_directory }} 54 | 55 | # - name: restart app 56 | # command: touch tmp/restart.txt chdir={{ deploy_directory¯ }} 57 | # command: echo "{{deploy_directory}}" 58 | --------------------------------------------------------------------------------