Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Playbooks for sandbox & geotaste #145

Closed
wants to merge 16 commits into from
Closed

Playbooks for sandbox & geotaste #145

wants to merge 16 commits into from

Conversation

quadrismegistus
Copy link
Contributor

@quadrismegistus quadrismegistus commented Sep 1, 2023
edited
Loading

This PR adds a playbook for geotaste, which is our first playbook deploying to the sandbox server; future apps will want to refactor this a bit.

rlskoeser
rlskoeser requested changes Sep 19, 2023
View reviewed changes
hosts
Comment on lines +39 to +40
[geotaste]
cdh-dev-sandbox1.princeton.edu
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noting for myself that we still have to figure out how to split out host from app; we may need to add app-specific group vars. I think it's fine if we tackle this when we write a second playbook for the sandbox (probably / hopefully for simrisk)

roles/finalize_deploy/handlers/main.yml
Comment on lines +13 to +21
# # Restart apache on Ubuntu systems when apache role is in use
# - name: restart apache
# become: true
# service:
# name: apache2
# enabled: true
# state: restarted
# when: ansible_distribution == 'Ubuntu' and apache_app_path is defined
# listen: "restart web server"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to get rid of the apache2 bits as part of the VM upgrade that Francis is helping us with; I'm not sure we can merge this change into main until we resolve that, though.

roles/passenger/templates/geotaste_proxy.conf.j2
@@ -0,0 +1,12 @@
server {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this proxy template no longer needed?

roles/passenger/templates/geotaste_passenger.conf.j2
Comment on lines +54 to +55
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we were doing auth, we'd want the password file to be stored in ansible vault and put on the server as part of the playbook. I'd also want to figure out a way that it would only prompt for the password when you aren't on vpn, but that doesn't matter now.

let's remove these lines.

roles/geotaste_setup/tasks/main.yml
@@ -0,0 +1,16 @@
---
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it doesn't look like you have any app-specific setup needed? so this role can be removed

roles/passenger/templates/geotaste_passenger.conf.j2
@@ -0,0 +1,106 @@
server {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what did you have to configure from the base template? it's hard to tell what you changed. Do you still need a custom passenger conf if you aren't doing the proxying?

@quadrismegistus
Copy link
Contributor Author

Iceboxing the sandbox 🤣 for geotaste for now. Its nginx and related configs will be continued into/superceded by #149

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rlskoeser rlskoeser rlskoeser requested changes

@kayiwa kayiwa Awaiting requested review from kayiwa

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@quadrismegistus @rlskoeser