From b18e1913366831d490b00f1e024c3c0885033d5a Mon Sep 17 00:00:00 2001
From: Matthew Somerville
Date: Thu, 23 Aug 2018 21:53:25 +0100
Subject: [PATCH] Allow playbook to be run for updates as well as install.
---
roles/mastodon-config/tasks/install.yml | 62 +++++++++++++++++++++
roles/mastodon-config/tasks/main.yml | 62 +++------------------
roles/mastodon-nginx/tasks/install.yml | 12 ++++
roles/mastodon-nginx/tasks/main.yml | 14 ++---
roles/mastodon-postgresql/tasks/install.yml | 15 +++++
roles/mastodon-postgresql/tasks/main.yml | 15 +----
6 files changed, 104 insertions(+), 76 deletions(-)
create mode 100644 roles/mastodon-config/tasks/install.yml
create mode 100644 roles/mastodon-nginx/tasks/install.yml
create mode 100644 roles/mastodon-postgresql/tasks/install.yml
diff --git a/roles/mastodon-config/tasks/install.yml b/roles/mastodon-config/tasks/install.yml
new file mode 100644
index 0000000..fbfed9b
--- /dev/null
+++ b/roles/mastodon-config/tasks/install.yml
@@ -0,0 +1,62 @@
+---
+# This role copies over the user-edited .env.production,
+# and runs the database setup
+
+- name: Generate PAPERCLIP_SECRET and register it
+ shell: cd /home/mastodon/live && bundle exec rake secret
+ register: PAPERCLIP_SECRET
+ environment:
+ RAILS_ENV: production
+ PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
+ args:
+ executable: /bin/bash
+ become: true
+ become_user: mastodon
+- name: Generate SECRET_KEY_BASE and register it
+ shell: cd /home/mastodon/live && bundle exec rake secret
+ register: SECRET_KEY_BASE
+ environment:
+ RAILS_ENV: production
+ PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
+ args:
+ executable: /bin/bash
+ become: true
+ become_user: mastodon
+- name: Generate OTP_SECRET and register it
+ shell: cd /home/mastodon/live && bundle exec rake secret
+ register: OTP_SECRET
+ environment:
+ RAILS_ENV: production
+ PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
+ args:
+ executable: /bin/bash
+ become: true
+ become_user: mastodon
+- name: Generate VAPID keys and register it
+ shell: cd /home/mastodon/live && bundle exec rake mastodon:webpush:generate_vapid_key
+ register: VAPID_KEYS
+ environment:
+ RAILS_ENV: production
+ PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}'
+ SECRET_KEY_BASE: '0'
+ OTP_SECRET: '{{ OTP_SECRET.stdout }}'
+ args:
+ executable: /bin/bash
+ become: true
+ become_user: mastodon
+- name: Copy Mastodon .env.production
+ template:
+ src: .env.production
+ dest: /home/mastodon/live/.env.production
+ become: true
+ become_user: mastodon
+- name: Run Mastodon database setup
+ shell: cd /home/mastodon/live && bundle exec rails db:setup
+ environment:
+ RAILS_ENV: production
+
SAFETY_ASSURED: 1 + PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}' + args: + executable: /bin/bash + become: true + become_user: mastodon diff --git a/roles/mastodon-config/tasks/main.yml b/roles/mastodon-config/tasks/main.yml index cbb58ea..ff7f294 100644 --- a/roles/mastodon-config/tasks/main.yml +++ b/roles/mastodon-config/tasks/main.yml @@ -1,11 +1,13 @@ --- -# This role copies over the user-edited .env.production, runs the database -# setup, pre-compiles assets, starts Mastodon daemons, adds media cleanup -# cron job +# This role pre-compiles assets, starts Mastodon daemons, +# adds media cleanup cron job -- name: Generate PAPERCLIP_SECRET and register it - shell: cd /home/mastodon/live && bundle exec rake secret - register: PAPERCLIP_SECRET +- name: Run install tasks + include_tasks: install.yml + when: install is defined +- name: Run Mastodon database migration + when: install is not defined + shell: cd /home/mastodon/live && bundle exec rails db:migrate environment: RAILS_ENV: production PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}' 
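Review bot: The four tasks that register the output of `rake secret` and `mastodon:webpush:generate_vapid_key` in roles/mastodon-config/tasks/install.yml carry no `no_log: true`, so the generated values can surface in verbose Ansible output and in any logging callback; adding `no_log: true` to each of them (the VAPID task also passes `OTP_SECRET` through `environment`) keeps them out. The `Copy Mastodon .env.production` task sets no `mode`, so the file that ends up holding those secrets gets whatever the umask allows; `mode: '0600'` under `template:` would restrict it to the mastodon user. `SAFETY_ASSURED: 1` is an unquoted integer where every other environment value is a string, and `SAFETY_ASSURED: '1'` would be consistent.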
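Review bot: `when: install is defined` in roles/mastodon-config/tasks/main.yml tests only whether the variable exists, so a run with `-e install=false` still takes the install path, which in this patch regenerates the secrets, runs `db:setup` and, in roles/mastodon-postgresql, drops the database. A test on the value, `when: install | default(false) | bool` on the include and `when: not (install | default(false) | bool)` on the migration task, makes the destructive branch depend on what the operator actually passed. The same condition appears on the includes added to roles/mastodon-nginx/tasks/main.yml and roles/mastodon-postgresql/tasks/main.yml. The migration task's `args` and `become` lines continue outside this hunk.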
@@ -13,44 +15,6 @@ executable: /bin/bash become: true become_user: mastodon -- name: Generate SECRET_KEY_BASE and register it - shell: cd /home/mastodon/live && bundle exec rake secret - register: SECRET_KEY_BASE - environment: - RAILS_ENV: production - PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}' - args: - executable: /bin/bash - become: true - become_user: mastodon -- name: Generate OTP_SECRET and register it - shell: cd /home/mastodon/live && bundle exec rake secret - register: OTP_SECRET - environment: - RAILS_ENV: production - PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}' - args: - executable: /bin/bash - become: true - become_user: mastodon -- name: Generate VAPID keys and register it - shell: cd /home/mastodon/live && bundle exec rake mastodon:webpush:generate_vapid_key - register: VAPID_KEYS - environment: - RAILS_ENV: production - PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}' - SECRET_KEY_BASE: '0' - OTP_SECRET: '{{ OTP_SECRET.stdout }}' - args: - executable: /bin/bash - become: true - become_user: mastodon -- name: Copy Mastodon .env.production - template: - src: .env.production - dest: /home/mastodon/live/.env.production - become: true - become_user: mastodon - name: Precompile Mastodon static assets shell: cd /home/mastodon/live && bundle exec rails assets:precompile environment: 
@@ -60,16 +24,6 @@ executable: /bin/bash become: true become_user: mastodon -- name: Run Mastodon database setup - shell: cd /home/mastodon/live && bundle exec rails db:setup - environment: - RAILS_ENV: production - SAFETY_ASSURED: 1 - PATH: '/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:/home/mastodon/.rbenv/plugins/ruby-build/bin:{{ ansible_env.PATH }}' - args: - executable: /bin/bash - become: true - become_user: mastodon - name: Add Mastodon media cache cleanup cronjob cron: name: "Mastodon media cache cleanup" diff --git a/roles/mastodon-nginx/tasks/install.yml b/roles/mastodon-nginx/tasks/install.yml new file mode 100644 index 0000000..b05404a --- /dev/null +++ b/roles/mastodon-nginx/tasks/install.yml @@ -0,0 +1,12 @@ +--- +# This role sets up a Let's Encrypt certificate for the +# Mastodon instance + +- name: Stop nginx for now + service: name=nginx state=stopped +- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance + shell: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}" +- name: Restart nginx + service: name=nginx state=started +- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance + shell: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}" diff --git a/roles/mastodon-nginx/tasks/main.yml b/roles/mastodon-nginx/tasks/main.yml index acc1c2b..6c04332 100644 --- a/roles/mastodon-nginx/tasks/main.yml +++ b/roles/mastodon-nginx/tasks/main.yml @@ -1,6 +1,5 @@ --- -# This role install nginx, configures it and sets up a Let's Encrypt certificate for the -# Mastodon instance +# This role install nginx, configures it - name: Install nginx and certbot apt: name={{ item }} state=latest update_cache=yes 
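Review bot: If the standalone `letsencrypt certonly` task in roles/mastodon-nginx/tasks/install.yml fails, the play stops between `Stop nginx for now` and `Restart nginx` and the web server stays down; a `block:` with the restart under `always:` would bring it back either way. Both certificate tasks also put `{{ LOCAL_DOMAIN }}` unquoted into a `shell:` line although no shell feature is used, so `command:` with the `quote` filter is the safer form for that value. Neither task is guarded against re-running, so a repeated install run would presumably request the certificates again.

```yaml
- name: Obtain standalone certificate while nginx is stopped
  block:
    - name: Stop nginx for now
      service: name=nginx state=stopped
    - name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance
      command: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN | quote }} --email {{ ('webmaster@' ~ LOCAL_DOMAIN) | quote }}
  always:
    - name: Restart nginx
      service: name=nginx state=started
# … unchanged: webroot certificate task …
```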
@@ -20,16 +19,11 @@ src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf state: link -- name: Stop nginx for now - service: name=nginx state=stopped -- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance - shell: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}" -- name: Restart nginx - service: name=nginx state=started -- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance - shell: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}" - name: Copy and enable Let's Encrypt renew script copy: src: letsencrypt-renew.sh dest: /etc/cron.daily/letsencrypt-renew.sh mode: 0700 +- name: Run nginx install tasks + include_tasks: install.yml + when: install is defined diff --git a/roles/mastodon-postgresql/tasks/install.yml b/roles/mastodon-postgresql/tasks/install.yml new file mode 100644 index 0000000..67dde97 --- /dev/null +++ b/roles/mastodon-postgresql/tasks/install.yml @@ -0,0 +1,15 @@ +--- +# This role deletes any existing PostgreSQL database + +- name: Stop any Mastodon services that may be running to remove database locks + systemd: name={{ item }} state=stopped + with_items: + - mastodon-sidekiq + - mastodon-streaming + - mastodon-web +- name: Drop any existing database that may exist with the same name + postgresql_db: + name: "{{ DB_NAME }}" + state: absent + become: true + become_user: postgres diff --git a/roles/mastodon-postgresql/tasks/main.yml b/roles/mastodon-postgresql/tasks/main.yml index e0c822e..3cb2361 100644 --- a/roles/mastodon-postgresql/tasks/main.yml +++ b/roles/mastodon-postgresql/tasks/main.yml 
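Review bot: The `Drop any existing database that may exist with the same name` task in roles/mastodon-postgresql/tasks/install.yml removes `{{ DB_NAME }}` with no backup step ahead of it, and the one-line header comment is the only sign that including this file destroys data. A `postgresql_db` task with `state: dump` and a `target:` path placed before the drop, skipped when the database does not exist yet, would leave a recovery point. At minimum the header could read `# DESTRUCTIVE: stops the Mastodon services and drops {{ DB_NAME }}; include only for a fresh install`. The services stopped by the first task are not started again in this file, so that presumably happens in a later role.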
@@ -8,12 +8,6 @@ - postgresql - postgresql-contrib - python-psycopg2 -- name: Stop any Mastodon services that may be running to remove database locks - systemd: name={{ item }} state=stopped - with_items: - - mastodon-sidekiq - - mastodon-streaming - - mastodon-web - name: Add Mastodon PostgreSQL database user postgresql_user: name: mastodon @@ -21,9 +15,6 @@ state: present become: true become_user: postgres -- name: Drop any existing database that may exist with the same name - postgresql_db: - name: "{{ DB_NAME }}" - state: absent - become: true - become_user: postgres +- name: Run PostgreSQL install tasks + include_tasks: install.yml + when: install is defined