Allow playbook to be run for updates as well as install.

Matthew Somerville 2018-08-23 21:53:25 +01:00
parent 84f6cb6b27
commit b18e191336
6 changed files with 104 additions and 76 deletions


@ -0,0 +1,62 @@
---
# This role copies over the user-edited .env.production,
# and runs the database setup
- name: Generate PAPERCLIP_SECRET and register it
shell: cd /home/mastodon/live && bundle exec rake secret
register: PAPERCLIP_SECRET
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate SECRET_KEY_BASE and register it
shell: cd /home/mastodon/live && bundle exec rake secret
register: SECRET_KEY_BASE
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate OTP_SECRET and register it
shell: cd /home/mastodon/live && bundle exec rake secret
register: OTP_SECRET
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate VAPID keys and register it
shell: cd /home/mastodon/live && bundle exec rake mastodon:webpush:generate_vapid_key
register: VAPID_KEYS
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
SECRET_KEY_BASE: '0'
OTP_SECRET: '{{ OTP_SECRET.stdout }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Copy Mastodon .env.production
template:
src: .env.production
dest: /home/mastodon/live/.env.production
become: true
become_user: mastodon
- name: Run Mastodon database setup
shell: cd /home/mastodon/live && bundle exec rails db:setup
environment:
RAILS_ENV: production
SAFETY_ASSURED: 1
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
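Review bot: The `Copy Mastodon .env.production` task sets no `mode`, so a file that presumably carries the generated secrets gets whatever permissions the umask allows; adding `mode: '0600'` under `template:` keeps it readable by the owner only. The four generator tasks register secret material in `PAPERCLIP_SECRET`, `SECRET_KEY_BASE`, `OTP_SECRET` and `VAPID_KEYS` without `no_log: true`, so the values appear in verbose output and in any callback or log that records task results. `SAFETY_ASSURED: 1` is the only unquoted environment value in the file; `'1'` would match the quoted `'0'` used for `SECRET_KEY_BASE` in the VAPID task.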


@ -1,11 +1,13 @@
---
# This role copies over the user-edited .env.production, runs the database
# setup, pre-compiles assets, starts Mastodon daemons, adds media cleanup
# cron job
# This role pre-compiles assets, starts Mastodon daemons,
# adds media cleanup cron job
- name: Generate PAPERCLIP_SECRET and register it
shell: cd /home/mastodon/live && bundle exec rake secret
register: PAPERCLIP_SECRET
- name: Run install tasks
include_tasks: install.yml
when: install is defined
- name: Run Mastodon database migration
when: install is not defined
shell: cd /home/mastodon/live && bundle exec rails db:migrate
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
@ -13,44 +15,6 @@
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate SECRET_KEY_BASE and register it
shell: cd /home/mastodon/live && bundle exec rake secret
register: SECRET_KEY_BASE
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate OTP_SECRET and register it
shell: cd /home/mastodon/live && bundle exec rake secret
register: OTP_SECRET
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Generate VAPID keys and register it
shell: cd /home/mastodon/live && bundle exec rake mastodon:webpush:generate_vapid_key
register: VAPID_KEYS
environment:
RAILS_ENV: production
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
SECRET_KEY_BASE: '0'
OTP_SECRET: '{{ OTP_SECRET.stdout }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Copy Mastodon .env.production
template:
src: .env.production
dest: /home/mastodon/live/.env.production
become: true
become_user: mastodon
- name: Precompile Mastodon static assets
shell: cd /home/mastodon/live && bundle exec rails assets:precompile
environment:
@ -60,16 +24,6 @@
executable: /bin/bash
become: true
become_user: mastodon
- name: Run Mastodon database setup
shell: cd /home/mastodon/live && bundle exec rails db:setup
environment:
RAILS_ENV: production
SAFETY_ASSURED: 1
PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
args:
executable: /bin/bash
become: true
become_user: mastodon
- name: Add Mastodon media cache cleanup cronjob
cron:
name: "Mastodon media cache cleanup"
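Review bot: `when: install is defined` on the `Run install tasks` include only tests that the variable exists, so a run with `-e install=false` still takes the install path. Assuming install.yml is the new file shown first on this page, that means regenerating the secrets, overwriting `.env.production` and running `db:setup` on a live instance. A truthiness test such as `when: install | default(false) | bool`, with `when: not (install | default(false) | bool)` on the migration task, would make both paths follow the operator's intent. The same condition guards the nginx and PostgreSQL `include_tasks: install.yml` lines further down the page, and the PostgreSQL one leads to the database drop. Nothing in the visible lines documents the variable, so a short comment above the include saying how to pass it would help.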


@ -0,0 +1,12 @@
---
# This role sets up a Let's Encrypt certificate for the
# Mastodon instance
- name: Stop nginx for now
service: name=nginx state=stopped
- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}"
- name: Restart nginx
service: name=nginx state=started
- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}"
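Review bot: Both certificate tasks pass `{{ LOCAL_DOMAIN }}` unquoted to `shell:`, so any shell metacharacter in the variable is interpreted by the shell instead of reaching letsencrypt as part of one argument. Neither command uses pipes, redirection or other shell features, so `command:` would do, or the value can be filtered as `-d {{ LOCAL_DOMAIN | quote }}`. nginx also stays stopped if the standalone request fails, because `Restart nginx` is only reached on success; a `block:` with an `always:` section that starts nginx would cover that case.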


@ -1,6 +1,5 @@
---
# This role install nginx, configures it and sets up a Let's Encrypt certificate for the
# Mastodon instance
# This role install nginx, configures it
- name: Install nginx and certbot
apt: name={{ item }} state=latest update_cache=yes
@ -20,16 +19,11 @@
src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf
state: link
- name: Stop nginx for now
service: name=nginx state=stopped
- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}"
- name: Restart nginx
service: name=nginx state=started
- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}"
- name: Copy and enable Let's Encrypt renew script
copy:
src: letsencrypt-renew.sh
dest: /etc/cron.daily/letsencrypt-renew.sh
mode: 0700
- name: Run nginx install tasks
include_tasks: install.yml
when: install is defined


@ -0,0 +1,15 @@
---
# This role deletes any existing PostgreSQL database
- name: Stop any Mastodon services that may be running to remove database locks
systemd: name={{ item }} state=stopped
with_items:
- mastodon-sidekiq
- mastodon-streaming
- mastodon-web
- name: Drop any existing database that may exist with the same name
postgresql_db:
name: "{{ DB_NAME }}"
state: absent
become: true
become_user: postgres
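Review bot: `state: absent` on `{{ DB_NAME }}` is irreversible and no earlier task takes a dump, so the drop deserves its own explicit guard rather than relying only on the condition that includes this file. A dedicated flag checked as `when: drop_existing_db | default(false) | bool` (variable name constructed for illustration), or a preceding dump task, would stop a mistaken install run from silently removing a production database. The header comment could also say that the Mastodon services are stopped first and are not restarted by this file.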


@ -8,12 +8,6 @@
- postgresql
- postgresql-contrib
- python-psycopg2
- name: Stop any Mastodon services that may be running to remove database locks
systemd: name={{ item }} state=stopped
with_items:
- mastodon-sidekiq
- mastodon-streaming
- mastodon-web
- name: Add Mastodon PostgreSQL database user
postgresql_user:
name: mastodon
@ -21,9 +15,6 @@
state: present
become: true
become_user: postgres
- name: Drop any existing database that may exist with the same name
postgresql_db:
name: "{{ DB_NAME }}"
state: absent
become: true
become_user: postgres
- name: Run PostgreSQL install tasks
include_tasks: install.yml
when: install is defined