-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdeploy_platform.yaml
237 lines (236 loc) · 8.44 KB
/
deploy_platform.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
---
- hosts: sample_platform_4
remote_user: root
vars:
install_user: www-data
install_group: www-data
data_log_dir: "{{ data_dir }}/LogFiles"
data_result_dir: "{{ data_dir }}/TestResults"
data_media_sample_dir: "{{ data_dir }}/TestFiles/media"
mysql_root_pass: "{{ lookup('password', '~/credentials/' + ansible_host + '/mysql/root length=15 chars=ascii_letters') }}"
mysql_db_pass: "{{ lookup('password', '~/credentials/' + ansible_host + '/mysql/app length=15 chars=ascii_letters') }}"
dh_param: /etc/ssl/dhparam.pem
ssl_key: /etc/ssl/private/sample_platform.key
ssl_cert: /etc/ssl/sample_platform.crt
platform_file: /etc/init.d/platform
smb_user: ci_bot
smb_pass: "{{ lookup('password', '~/credentials/' + ansible_host + '/smb_password length=15 chars=ascii_letters') }}"
tasks:
- name: Config check
block:
- name: Check if configuration file already exists
local_action: stat path=sample_platform_config.py
register: config_created
- fail:
msg: sample_platform_config.py is missing! Run the configure_platform first
when: not config_created.stat.exists
- name: Python 3 setup
block:
- name: Install python 3
apt:
update_cache: yes
pkg:
- python3
- python3-pip
- python3-libvirt
- python3-pymysql
- name: Switch default python interpreter to py3
shell: update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 && update-alternatives --install /usr/bin/python python /usr/bin/python3.7 2 && update-alternatives --auto python
- name: Install dependencies
apt:
pkg:
- nginx
- qemu-kvm
- libvirt-clients
- libvirt-dev
- virt-manager
- mediainfo
- mariadb-server
- git
- samba
- name: Update pip, setuptools and wheel
pip:
name: pip,setuptools,wheel
extra_args: --upgrade
- name: Clone repository
git:
repo: https://github.com/CCExtractor/sample-platform.git
dest: "{{ install_dir }}"
- name: Make www-data owner of the folder
file:
path: "{{ install_dir }}"
owner: "{{ install_user }}"
group: "{{ install_group }}"
mode: 0755
- name: Install pip dependencies
pip:
requirements: "{{ install_dir }}/requirements.txt"
state: forcereinstall
- name: Create random secret_key
shell: "head -c 24 /dev/urandom > {{ install_dir }}/secret_key"
- name: Create random secret_csrf
shell: "head -c 24 /dev/urandom > {{ install_dir }}/secret_csrf"
- name: Configure MySQL
block:
- name: Make sure the MySQL server is running at startup
service:
name: mysql
state: started
enabled: yes
- name: Change password for MySQL root user
mysql_user:
login_user: root
login_password: "{{ mysql_root_pass }}"
login_unix_socket: /var/run/mysqld/mysqld.sock
check_implicit_admin: yes
name: root
password: "{{ mysql_root_pass }}"
host: localhost
priv: "*.*:ALL,GRANT"
- name: Create .my.cnf MySQL config for root user
template:
src: .my.cnf.j2
dest: /root/.my.cnf
owner: root
group: root
mode: '0600'
vars:
password: "{{ mysql_root_pass }}"
- name: Create a new database with name '{{ mysql_db_name }}'
mysql_db:
name: "{{ mysql_db_name }}"
state: present
- name: 'Add a Sample Platform user ({{ mysql_db_user }}) for MySQL'
mysql_user:
login_user: root
login_password: "{{ mysql_root_pass }}"
name: "{{ mysql_db_user }}"
password: "{{ mysql_db_pass }}"
host: localhost
priv: "{{ mysql_db_name }}.*:ALL,GRANT"
- name: Create all directories for holding data
file:
path: "{{ item }}"
state: directory
owner: "{{ install_user }}"
group: "{{ install_group }}"
mode: 0755
loop:
- "{{ data_dir }}"
- "{{ data_dir }}/ci-tests"
- "{{ data_dir }}/TempFiles"
- "{{ data_log_dir }}"
- "{{ data_result_dir }}"
- "{{ data_dir }}/TestFiles"
- "{{ data_media_sample_dir }}"
- "{{ data_dir }}/QueuedFiles"
- name: Configure Samba
block:
- name: Add Samba share
blockinfile:
path: /etc/samba/smb.conf
block: |
[repository]
path = {{ data_dir }}
available = yes
valid users = {{ smb_user }}
read only = yes
browseable = yes
public = yes
writable = no
- name: Make Samba only listening on localhost and custom subnet
lineinfile:
path: /etc/samba/smb.conf
state: present
regexp: '^;? interfaces\s'
line: ' interfaces = 127.0.0.0/8 10.0.1.1'
- name: Make Samba only listen to the interfaces defined above
lineinfile:
path: /etc/samba/smb.conf
state: present
regexp: '^;? bind interfaces\s'
line: ' bind interfaces only = yes'
- name: Reload Samba to apply config changes
service:
name: smbd
state: reloaded
- name: 'Add {{ smb_user }} user'
user:
name: '{{ smb_user }}'
comment: "Bot account for accessing the SMB share"
- name: Add SMB user
shell: "printf '{{ smb_pass }}\n{{ smb_pass }}\n' | smbpasswd -a {{ smb_user }}"
- name: Configure Nginx
block:
- name: Create Nginx config file
template:
src: nginx.conf.j2
dest: /etc/nginx/sites-available/sample_platform
vars:
web_dir: "{{ install_dir }}"
sample_dir: "{{ data_media_sample_dir }}"
log_dir: "{{ data_log_dir }}"
result_dir: "{{ data_result_dir }}"
- name: Transfer DH params
copy:
src: ffdhe2048.txt
dest: "{{ dh_param }}"
- name: Enable Sample Platform config file
file:
src: /etc/nginx/sites-available/sample_platform
dest: /etc/nginx/sites-enabled/sample_platform
state: link
- name: Remove default config file
file:
path: /etc/nginx/sites-enabled/default
state: absent
- name: Generate self-signed certficate
include_tasks: task_ssl_cert_self_signed.yaml
vars:
task: generate
key_path: "{{ ssl_key }}"
cert_path: "{{ ssl_cert }}"
server_hostname: "{{ domain_name }}"
reload_nginx: yes
- name: Install Let's Encrypt module
include_tasks: task_ssl_cert_with_acme-tiny.yaml
when: use_lets_encrypt
vars:
task: install
acme_private_key: '{{ ssl_key }}'
server_hostname: "{{ domain_name }}"
- name: Generate Let's Encrypt certificate
include_tasks: task_ssl_cert_with_acme-tiny.yaml
when: use_lets_encrypt
vars:
task: generate
- name: Link generated Let's Encrypt certificate
include_tasks: task_ssl_cert_with_acme-tiny.yaml
when: use_lets_encrypt
vars:
task: link
destination: "{{ ssl_cert }}"
- name: Configure platform service
block:
- name: Add auto-launch service for platform
template:
src: service.j2
dest: '{{ platform_file }}'
mode: '0755'
- name: Enable auto-launch service for platform
command: update-rc.d platform defaults
- name: Configure the Sample Platform's python config file
copy:
src: sample_platform_config.py
dest: "{{ install_dir }}/config.py"
- name: Start the service
command: update-rc.d platform start
- name: KVM installation
block:
- name: Enable libvirtd
command: systemctl enable --now libvirtd
- name: Add platform user to kvm group
user:
name: '{{ install_user }}'
groups: kvm,libvirt
append: yes