deployment-tool/authapi/install.yml at 66fc148acdad59da40c3b32b6dacaf913d8afc3d · sequentech/deployment-tool · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
# This file is part of agora-dev-box.
# Copyright (C) 2014-2016  Agora Voting SL <agora@agoravoting.com>

# agora-dev-box is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation, either version 3 of the License.

# agora-dev-box  is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public License
# along with agora-dev-box.  If not, see <http://www.gnu.org/licenses/>.

---
- import_tasks: repo.yml

- name: AuthApi, Creating deploy settings
  become: true
  template:
    src: authapi/templates/deploy.py
    dest: /home/authapi/authapi/authapi/authapi/
    owner: authapi
    mode: '0600'

- name: AuthApi, Creating test settings
  become: true
  template:
    src: authapi/templates/test_settings.py
    dest: /home/authapi/authapi/authapi/authapi/
    owner: authapi
    mode: '0600'
    force: yes

- name: AuthApi, Creating uwsgi settings
  become: true
  template:
    src: authapi/templates/uwsgi.ini
    dest: /home/authapi/uwsgi.ini
    owner: authapi
    mode: '0644'

- name: AuthApi, creating some shell commands
  become: true
  template:
    src: "authapi/templates/{{item.name}}"
    dest: "/home/authapi/{{item.name}}"
    owner: authapi
    mode: "{{item.perm}}"
  with_items:
    - name: launchshell.sh
      perm: "0700"
    - name: changepassword.sh
      perm: "0700"
    - name: launchcommand.sh
      perm: "0700"
    - name: fixture.json
      perm: "0600"

- name: AuthApi, Creates webstatic directory
  become: true
  become_user: authapi
  file:
    path: /home/authapi/webstatic
    state: directory

- name: AuthApi, Installing python uwsgi, psycopg2
  become: true
  become_user: authapi
  pip:
    name:
      - uwsgi
      - psycopg2
      - pip==21.0
    virtualenv: /home/authapi/env
    virtualenv_python: python3
    state: present

- import_tasks: djangoapp.yml

- name: AuthApi, Load fixture (admin user)
  become: true
  become_user: authapi
  django_manage:
    command: loaddata
    fixtures: /home/authapi/fixture.json
  args:
    app_path: /home/authapi/authapi/authapi
    virtualenv: /home/authapi/env
    settings: "authapi.deploy"

- name: AuthApi, set password
  become: true
  become_user: authapi
  shell: /home/authapi/changepassword.sh admin "{{config.authapi.admin_user.password}}"

# pgcrypto extension is used for being able to set user passwords directly with
# SQL statements
- name: Authapi, load pgcrypto postgresql extension
  become: true
  become_user: postgres
  when: config.load_balancing.is_master
  shell: psql authapi -tAc "CREATE EXTENSION IF NOT EXISTS pgcrypto;"

- name: Authapi, set authapi election start id
  become: true
  become_user: postgres
  when: config.load_balancing.is_master
  shell: psql authapi -tAc "select setval('api_authevent_id_seq', GREATEST((SELECT MAX(id)+1 FROM api_authevent),{{config.authapi.election_start_id}}));"

- name: Authapi, copy usersdata file
  when: config.authapi.upsert_file != ''
  become: true
  copy:
    src: "{{config.authapi.upsert_file}}"
    dest: /home/authapi/upsert_users.json
    owner: authapi
    group: authapi

- name: AuthApi, upsert users
  become: true
  become_user: authapi
  when: config.authapi.upsert_file != ''
  django_manage:
    command: upsert_users /home/authapi/upsert_users.json
  args:
    app_path: /home/authapi/authapi/authapi
    virtualenv: /home/authapi/env
    settings: authapi.deploy

- name: Authapi, create e2e_test_user file
  become: true
  template:
    src: authapi/templates/e2e_test_user.json
    dest: /home/authapi/e2e_test_user.json
    owner: authapi
    group: authapi
    mode: '0600'

- name: AuthApi, upsert e2e_test_user
  become: true
  become_user: authapi
  django_manage:
    command: upsert_users /home/authapi/e2e_test_user.json
  args:
    app_path: /home/authapi/authapi/authapi
    virtualenv: /home/authapi/env
    settings: authapi.deploy

- name: Authapi, allow authapi user to create databases (for example the test db)
  become: true
  become_user: postgres
  shell: psql authapi -tAc "ALTER USER authapi CREATEDB;"

- name: Authapi, create reports config files
  become: true
  become_user: authapi
  copy:
    dest: "/home/authapi/{{ item.name }}.json"
    content: "{{ item.config | to_nice_json }}"
  with_items: "{{ config.authapi.participation_reports }}"

- name: Authapi, copy static_extra_path
  when: config.authapi.static_extra_path != ''
  become: true
  copy:
    src: "{{config.authapi.static_extra_path}}"
    dest: /home/authapi/static_extra/
    owner: authapi
    group: authapi

- name: Authapi, configure report crontab configuration
  become: true
  cron:
    state: present
    name: "{{ item.name }}"
    job: '/usr/bin/sudo -u authapi /home/authapi/launchcommand.sh "./manage.py send_report --settings=authapi.deploy /home/authapi/{{ item.name }}.json /home/authapi/report_{{ item.name }}.pdf"'
    minute: "{{ item.minute }}"
    hour: "{{ item.hour }}"
    day: "{{ item.day }}"
    weekday: "{{ item.weekday }}"
    month: "{{ item.month }}"
  with_items: "{{ config.authapi.participation_reports }}"