-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
11 changed files
with
338 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
Role Name | ||
========= | ||
|
||
A brief description of the role goes here. | ||
|
||
Requirements | ||
------------ | ||
|
||
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. | ||
|
||
Role Variables | ||
-------------- | ||
|
||
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. | ||
|
||
Dependencies | ||
------------ | ||
|
||
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. | ||
|
||
Example Playbook | ||
---------------- | ||
|
||
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: | ||
|
||
- hosts: servers | ||
roles: | ||
- { role: username.rolename, x: 42 } | ||
|
||
License | ||
------- | ||
|
||
BSD | ||
|
||
Author Information | ||
------------------ | ||
|
||
An optional section for the role authors to include contact information, or a website (HTML is not allowed). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
--- | ||
# defaults file for pyff | ||
pyff_bind_port: 8080 | ||
pyff_public_url: 127.0.0.1 | ||
pyff_public_port: 8080 | ||
pyff_pipeline: 127.0.0.1 | ||
pyff_working_directory: /srv/pyff | ||
# OS | ||
pyff_venv_python: python3 | ||
pyff_version: 2.0.0 | ||
|
||
# SSL Key used to sign the metadata | ||
# pyff_ssl_cert: | ||
# pyff_ssl_cert_key: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
[server:main] | ||
use = egg:pyFF#pyffs | ||
|
||
[app:main] | ||
use = egg:pyFF#pyffapp | ||
|
||
[loggers] | ||
keys = root, pyff, xmlsec, pyff.pipes, pyff.store, pyff.builtins, pyff.api, pyff.parse | ||
|
||
[handlers] | ||
keys = console | ||
|
||
[formatters] | ||
keys = generic | ||
|
||
[logger_root] | ||
level = DEBUG | ||
handlers = console | ||
|
||
[logger_pyff] | ||
level = DEBUG | ||
handlers = | ||
qualname = pyff | ||
|
||
[logger_pyff.parse] | ||
level = DEBUG | ||
handlers = | ||
qualname = pyff.parse | ||
|
||
[logger_xmlsec] | ||
level = INFO | ||
handlers = | ||
qualname = xmlsec | ||
|
||
[logger_pyff.pipes] | ||
level = DEBUG | ||
handlers = | ||
qualname = pyff.pipes | ||
|
||
[logger_pyff.store] | ||
level = DEBUG | ||
handlers = | ||
qualname = pyff.store | ||
|
||
[logger_pyff.builtins] | ||
level = DEBUG | ||
handlers = | ||
qualname = pyff.builtins | ||
|
||
[logger_pyff.api] | ||
level = DEBUG | ||
handlers = | ||
qualname = pyff.api | ||
|
||
[logger_apscheduler] | ||
level = DEBUG | ||
handlers = | ||
qualname = apscheduler | ||
|
||
[handler_console] | ||
class = StreamHandler | ||
args = (sys.stderr,) | ||
level = DEBUG | ||
formatter = generic | ||
|
||
[formatter_generic] | ||
format = %(asctime)s %(levelname)-5.5s [%(name)s:%(lineno)s][%(threadName)s] %(message)s |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
[server:main] | ||
use = egg:pyFF#pyffs | ||
|
||
[app:main] | ||
use = egg:pyFF#pyffapp | ||
|
||
[loggers] | ||
keys = root, pyff, xmlsec, pyff.pipes, pyff.store, pyff.builtins, pyff.api, pyff.parse | ||
|
||
[handlers] | ||
keys = console | ||
|
||
[formatters] | ||
keys = generic | ||
|
||
[logger_root] | ||
level = WARN | ||
handlers = console | ||
|
||
[logger_pyff] | ||
level = WARN | ||
handlers = | ||
qualname = pyff | ||
|
||
[logger_pyff.parse] | ||
level = WARN | ||
handlers = | ||
qualname = pyff.parse | ||
|
||
[logger_xmlsec] | ||
level = INFO | ||
handlers = | ||
qualname = xmlsec | ||
|
||
[logger_pyff.pipes] | ||
level = WARN | ||
handlers = | ||
qualname = pyff.pipes | ||
|
||
[logger_pyff.store] | ||
level = WARN | ||
handlers = | ||
qualname = pyff.store | ||
|
||
[logger_pyff.builtins] | ||
level = WARN | ||
handlers = | ||
qualname = pyff.builtins | ||
|
||
[logger_pyff.api] | ||
level = DEBUG | ||
handlers = | ||
qualname = pyff.api | ||
|
||
[logger_apscheduler] | ||
level = WARN | ||
handlers = | ||
qualname = apscheduler | ||
|
||
[handler_console] | ||
class = StreamHandler | ||
args = (sys.stderr,) | ||
level = WARN | ||
formatter = generic | ||
|
||
[formatter_generic] | ||
format = %(asctime)s %(levelname)-5.5s [%(name)s:%(lineno)s][%(threadName)s] %(message)s |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
--- | ||
# handlers file for pyff |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
--- | ||
|
||
- name: Ensure pyff SSL certificate is copied | ||
copy: | ||
content: '{{ item.content }}' | ||
dest: "{{ item.dest }}" | ||
owner: "{{ pyff_default_user }}" | ||
group: "{{ pyff_default_group }}" | ||
mode: "{{ item.mode }}" | ||
with_items: | ||
- content: "{{ pyff_ssl_cert }}" | ||
dest: "{{ pyff_working_directory }}/sign.crt" | ||
mode: "0644" | ||
- content: "{{ pyff_ssl_cert_key }}" | ||
dest: "{{ pyff_working_directory }}/sign.key" | ||
mode: "0600" | ||
become: yes | ||
tags: | ||
- configure | ||
|
||
- name: Ensure ini files are copied | ||
copy: | ||
src: "{{ item }}.ini" | ||
dest: "{{ pyff_working_directory }}/{{ item }}.ini" | ||
owner: "{{ pyff_default_user }}" | ||
group: "{{ pyff_default_group }}" | ||
mode: 0644 | ||
backup: yes | ||
with_items: | ||
- debug | ||
- warn | ||
become: yes | ||
tags: | ||
- configure | ||
|
||
- name: "Task block: Setup keycloak as a service" | ||
block: | ||
- name: pyff systemd setup | ||
template: | ||
owner: root | ||
group: root | ||
mode: 0644 | ||
src: templates/pyff.service.j2 | ||
dest: /etc/systemd/system/pyff.service | ||
become: yes | ||
tags: | ||
- pyff_service | ||
# TODO trigger systemctl daemon-reload when changed | ||
|
||
- name: Ensure pyff service is active and enabled on boot | ||
service: | ||
name: "pyff" | ||
state: "started" | ||
enabled: yes | ||
become: yes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
# file: pyff/tasks/install-Debian.yml | ||
|
||
--- | ||
|
||
- name: Ensure dependencies are installed | ||
apt: | ||
name: | ||
- git | ||
- python3-venv | ||
- python3-pip | ||
state: present | ||
install_recommends: no | ||
update_cache: yes | ||
cache_valid_time: 86400 | ||
become: yes | ||
tags: | ||
- install | ||
- python | ||
|
||
- name: Upgrade pip3 | ||
pip: | ||
name: pip | ||
state: latest | ||
extra_args: --upgrade --user | ||
executable: pip3 | ||
become: yes | ||
tags: | ||
- install | ||
- python | ||
|
||
|
||
- name: Install Virtualenv via pip3 | ||
pip: | ||
name: virtualenv | ||
state: latest | ||
executable: pip3 | ||
become: yes | ||
tags: | ||
- install | ||
- python | ||
|
||
- name: Ensure pyff directory exists | ||
file: | ||
state: directory | ||
path: "{{ pyff_working_directory }}" | ||
owner: "{{ pyff_default_user }}" | ||
group: "{{ pyff_default_group }}" | ||
mode: "0750" | ||
become: yes | ||
tags: | ||
- install | ||
- pyff | ||
|
||
- name: Ensure pyFF requirements are installed in venv | ||
pip: | ||
name: "pyff=={{ pyff_version }}" | ||
virtualenv: "{{ pyff_working_directory }}/.venv" | ||
virtualenv_python: "{{ pyff_venv_python }}" | ||
become: yes | ||
become_user: "{{ pyff_default_user }}" | ||
tags: | ||
- install | ||
- pyff |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
--- | ||
# tasks file for pyff | ||
# Include OS-specific installation tasks | ||
- include: install-Debian.yml | ||
when: ansible_os_family == 'Debian' | ||
#- include: install-RedHat.yml | ||
# when: ansible_os_family == 'RedHat' | ||
tags: | ||
- pyff:install | ||
|
||
# Include OS-independent configuration tasks | ||
- include: configure.yml | ||
tags: | ||
- pyff:config |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
[Unit] | ||
Description=pyFF service | ||
After=network.target | ||
|
||
[Service] | ||
User={{ pyff_default_user }} | ||
WorkingDirectory={{ pyff_working_directory }} | ||
ExecStart={{ pyff_working_directory }}/env/bin/gunicorn --log-config debug.ini --workers=1 --preload --bind {{ pyff_bind_url }}:{{ pyff_bind_port }} -e PYFF_PUBLIC_URL=http://{{ pyff_public_url }}:{{ pyff_public_port }} -e PYFF_PIPELINE={{ pyff_pipeline }} --threads 4 --worker-tmp-dir=/dev/shm pyff.wsgi:app | ||
Restart=always | ||
RestartSec=60s | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
--- | ||
# vars file for pyff | ||
pyff_default_user: www-data | ||
pyff_default_group: www-data |