first rev

2 years ago · f2a6754021
commit f2a6754021
35 changed files with 893 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 .venv
 roles/archive/files/*
--- a/MiseEnProd.txt
+++ b/MiseEnProd.txt
@ -0,0 +1,105 @@
 Cérémonial de mise en production
 ===================================
 Installation
 ===============
 Vue d'ensemble
 ----------------
 .. important:: Relire attentivement les fichiers `MiseEnProd.txt` dans les trois
               dépôts git `webapp`, `datascience` et `deployment`.
 1. **webapp**: tag et paramètrage de l'app dans `webapp`
 2. procédure d'installation (dans `deployment`, cf ci-dessous)
 3. populate database (dans `datascience`)
 4. démarrage de l'application (dans `deployment`)
 Dans `group_vars/all`
 -----------------------
 - renommer `main.yml` en `main.dev.yml`
 ::
    cp main.yml main.dev.yml
 - renommer `main.prod.yml` en `main.yml`
 ::
    cp main.prod.yml main.yml
 - ouvrir le fichier `main.yml`,
 - vérifier que la variable `mode` est bien renseignée
 ::
    mode: production
 - vérifier que la variable `action` est bien renseignée
 ::
    action: install
 - vérifier que `application_release_tag` pointe sur le bon tag de release
 A la racine du projet
 -------------------------------
 - lancer `source .venv/bin/activate` à la racine du projet
 - vérifier que la procédure de tag de release dans `webapp` a bien été faite
 - lancer `./install.sh`
 ::
    ./install.sh
 - aller dans `datascience`, dérouler le cérémonial de prod
 - revenir à la racine du projet, lancer `launch_application.sh`
 ::
    ./launch_application.sh
 Mise à jour de l'application
 ===============================
 Vue d'ensemble
 --------------
 1. tag et paramètrage de l'app dans `webapp`
 2. procédure de mise à jour (dans `deployment`, cf ci-dessous)
 4. re-démarrage de l'application (dans `deployment`)
 Dans `group_vars/all`
 -----------------------
 - renommer `main.yml` en `main.dev.yml`
 - renommer `main.prod.yml` en `main.yml`
 - ouvrir le fichier `main.yml`,
 - vérifier que la variable `mode` est bien renseignée
 ::
    mode: production
 - vérifier que la variable `action` est bien renseignée
  **et lui affecter la valeur `publish`**
 ::
    action: publish
 - vérifier que `application_release_tag` pointe sur le bon tag de release
 - lancer `source .venv/bin/activate` à la racine du projet
 - vérifier que la procédure de tag de release dans `webapp` a bien été faite
 - **lancer la commande `./publish.sh`**
 - **optionnel** : aller dans `datascience`, dérouler le cérémonial de prod
  si les datas ont changées
 - revenir à la racine du projet, lancer `launch_application.sh`
--- a/ansible.cfg
+++ b/ansible.cfg
@ -0,0 +1,4 @@
 [defaults]
 host_key_checking = false
 inventory = hosts
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@ -0,0 +1,9 @@
 # development configuration
 domain_name: toto.site
 mail_address: toto@free.fr
 server_ip: XXXX
 dbadmin: XXXX
 dbpassword: XXXXXXXX
 linux_user: ubuntu
 application_release_tag: v0.20beta
 datascience_release_tag: v0.1pre-alpha
--- a/5
+++ b/5
@ -0,0 +1,5 @@
 # set the vps ip address or domain name
 server1 ansible_host="{{ server_ip }}" ansible_ssh_user="{{ linux_user }}" ansible_python_interpreter="/usr/bin/python3"
--- a/playbook.yml
+++ b/playbook.yml
@ -0,0 +1,14 @@
 - hosts: server1
  #remote_user: debian
  become: true
  become_method: sudo
  roles:
    - common
    - nginx
    - certbot
    - archive
    - pip
    - mongodb
    - datascience
    - run
--- a/readme.rst
+++ b/readme.rst
@ -0,0 +1,82 @@
 VPS installation procedure
 ============================
 Prerequisites
 ------------------
 You must have working copy repositories of the
 - `deployment`
 - `webapp`
 projects on your control node machine.
 ::
 ─ repositories
  ├── deployment
  └── webapp
 .. important::
   In the webapp project, before launching the installation procedure,
   make a `git pull --tags` to retrieve all the tags in the local
   working copy webapp repository.
 Before launching the installation
 -------------------------------------
 You must have a `group_vars/all/main.yml` configuration file, wich is NOT
 in the working copy repository. Have a look at the `.gitignore` file.
 Installation configuration
 -----------------------------------------------
 You need to verify and set some variables before launching the playbook:
 The `group_vars/all/main.yml` shall have these variables set :
 - domain_name
 - mail_address
 - server_ip
 - dbadmin
 - dbpassword
 - application_release_tag
 Installation procedure
 -----------------------------------
 From this `deployment` project, launch the script::
    ./install.sh
 The script `install.sh` installs:
 - nginx as a webserver
 - https (with a let's encrypt acme challenge)
 - usefull python librairies (flask, for example)
 - mongodb storage
 Then go to the `datascience` repository and populate the database.
 When the database is populated, you can run the app service with::
    ./launch_application.sh
 which lauches the webapp application service on the remote server.
 Installation method
 ----------------------
 we use `ansible <https://www.ansible.com/>`_
 The target is a VPS with a debian 12 installed, the python version is::
    Python 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import flask
    >>>
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,12 @@
 ansible==8.3.0
 ansible-core==2.15.3
 cffi==1.15.1
 cryptography==41.0.3
 dnspython==2.4.2
 Jinja2==3.1.2
 MarkupSafe==2.1.3
 packaging==23.1
 pycparser==2.21
 pymongo==4.5.0
 PyYAML==6.0.1
 resolvelib==1.0.1
--- a/roles/archive/readme.rst
+++ b/roles/archive/readme.rst
@ -0,0 +1,23 @@
 Deployment from an archive 
 =============================
 ansible *Unarchive* deployment procedure
 Create the git archive
 --------------------------
 First, let's create the git archive from the actes princier's repository
 git archive command::
    git archive --format=tgz --prefix='app/' -o actesprinciers.tgz v0.2_maquette
 Place the archive in your `files` folder
 -------------------------------------------
 Application archive to be deployed shall be present in the `files` folder::
    files/actesprinciers.tgz
--- a/roles/archive/tasks/main.yml
+++ b/roles/archive/tasks/main.yml
@ -0,0 +1,25 @@
 - name: Deployment - Archive the app for deployment
  become: false
  ansible.builtin.shell: "git archive --format=tgz --prefix='app/' -o ../deployment/roles/archive/files/{{deployment_repo_name}}.tgz {{ release_tag }}"
  args:
    chdir: ../{{deployment_repo_name}}/
  delegate_to: 127.0.0.1
 - name: Deployment - if exists - removes /opt/ directory
  shell: rm -rf /opt/
 - name: Deployment - Creates /opt/ (application) directory
  file:
    path: /opt
    state: directory
 - name: Deployment - extract application archive
  ansible.builtin.unarchive:
    src: "{{deployment_repo_name}}.tgz"
    dest: /opt/
 - name: Deployment - copies the credentials file from the local app working copy repository
  ansible.builtin.copy:
    src: "../{{deployment_repo_name}}/params.yaml"
    dest: "/opt/app"
    mode: '0644'
--- a/roles/archive/vars/main.yml
+++ b/roles/archive/vars/main.yml
@ -0,0 +1,3 @@
 ---
 release_tag: "{{ application_release_tag }}"
 deployment_repo_name: webapp
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@ -0,0 +1,34 @@
 - name: Install certbot base
  apt:
    name:
      - certbot
    state: present
 - name : Install Let's Encrypt Package
  apt: name={{ certbot_package }} update_cache=yes state=latest
 - name: check if pem already exists
  stat:
    path: "/etc/letsencrypt/live/{{ certbot_site_names['host1'] }}/fullchain.pem"
  register: pem
 - debug:
    msg: "it looks like the let's encrypt pem exists..."
  when: pem.stat.exists
 - debug:
    msg: "it looks like the let's encrypt pem does not exist..."
  when: not pem.stat.exists
 - name: Create and Install certificates using {{ certbot_plugin }} Plugin
  shell: certbot --{{ certbot_plugin }} -d  {{ item }} -m {{ certbot_mail_address }} --agree-tos --noninteractive --redirect
  when: not pem.stat.exists
  with_items:
    - "{{ certbot_site_names['host1'] }}"
    # TODO: in case of multi-site
    #- "{{ certbot_site_names['host2'] }}"
 - name: Set Letsencrypt Cronjob for Certificate Auto Renewal
  cron: name=letsencrypt_renewal special_time=monthly job="/usr/bin/certbot renew"
  tags:
    - cert_renew
--- a/roles/certbot/vars/main.yml
+++ b/roles/certbot/vars/main.yml
@ -0,0 +1,7 @@
 certbot_site_names: {
    host1: "{{ domain_name }}",
 }
 #    host2: "",
 certbot_package: "python3-certbot-nginx"
 certbot_plugin: "nginx"
 certbot_mail_address: "{{ mail_address }}"
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -0,0 +1,37 @@
 ---
 - name: Update & upgrade system
  apt:
    update_cache: yes
    upgrade: dist
 - name: Install required packages
  apt:
    name:
      - cron
      - python3-pip
      - python3-virtualenv
      - python3-setuptools
      - htop
      - man
      - net-tools
      - bash-completion
      - locales
      - python-is-python3
      - wget
      - zip
      - bzip2
      - tree
      - vim
      - vim-common
      - screen
      - curl
      - unzip
    state: present
 - name: Remove useless stuff
  apt:
    name:
      - bind9
      - telnet
      - ftp
    state: absent
--- a/roles/datascience/files/.empty
+++ b/roles/datascience/files/.empty
--- a/roles/datascience/files/drop_database.py
+++ b/roles/datascience/files/drop_database.py
@ -0,0 +1,31 @@
 #!/usr/bin/env python
 """Drop database utility
 """
 import sys
 import pymongo
 from pymongo import MongoClient
 import urllib.parse
 mongo_ip = sys.argv[1]
 mongo_admin = sys.argv[2]
 mongo_password = sys.argv[3]
 username = urllib.parse.quote_plus(mongo_admin)
 password = urllib.parse.quote_plus(mongo_password)
 dbclient = MongoClient('mongodb://%s:%s@%s:27017' % (username, password, mongo_ip))
 #myclient = pymongo.MongoClient("mongodb://dbadmin:Test123@<ip>:27017/?authSource=the_database&authMechanism=SCRAM-SHA-1")
 actesdb = dbclient["actesdb"]
 housecol = actesdb["house"]
 actecol = actesdb["acte"]
 helpers = actesdb["helpers"]
 # remove collections 
 actecol.drop()
 housecol.drop()
 helpers.drop()
--- a/roles/datascience/files/telemetry
+++ b/roles/datascience/files/telemetry
@ -0,0 +1 @@
 consent: false
--- a/roles/datascience/readme.rst
+++ b/roles/datascience/readme.rst
@ -0,0 +1,23 @@
 Deployment from an archive 
 =============================
 ansible *Unarchive* deployment procedure
 Create the git archive
 --------------------------
 First, let's create the git archive from the actes princier's repository
 git archive command::
    git archive --format=tgz --prefix='datascience/' -o datascience.tgz <tag_name>
 Place the archive in your `files` folder
 -------------------------------------------
 Application archive to be deployed shall be present in the `files` folder::
    files/datascience.tgz
--- a/roles/datascience/tasks/main.yml
+++ b/roles/datascience/tasks/main.yml
@ -0,0 +1,100 @@
 - name: Deployment - Archive datascience for pipeline run on the server
  become: false
  ansible.builtin.shell: "git archive --format=tgz --prefix='datascience/' -o ../deployment/roles/datascience/files/{{datascience_repo_name}}.tgz {{ release_tag }}"
  args:
    chdir: ../{{datascience_repo_name}}/
  delegate_to: 127.0.0.1
 - name: Deployment - removes old datascience directory
  shell: rm -rf /home/{{ user }}/datascience
 - name: Deployment - Creates datascience directory
  become: false
  file:
    path: /home/{{ user }}/datascience
    state: directory
 - name: Deployment - extract datascience archive
  become: false
  ansible.builtin.unarchive:
    src: "{{datascience_repo_name}}.tgz"
    dest: /home/{{ user }}/
 - name: Deployment - copies the credentials file from the local datascience working copy repository
  become: false
  ansible.builtin.copy:
    src: "../{{datascience_repo_name}}/actes-princiers/conf/local/parameters.yml"
    dest: "/home/{{ user }}/datascience/actes-princiers/conf/local/"
    mode: '0644'
 #- name: Drop all collections in the mongo database
 #  become: false
 #  ansible.builtin.script:
 #    executable: python3
 #    cmd: "drop_database.py {{ mongodb_ip }} {{ mongodb_admin }} {{mongodb_password}}"
 #  delegate_to: 127.0.0.1
 #  ignore_errors: true
 - name: Create working directory for mongo admin scripts
  become: false
  #become_user: "{{ user }}"
  ansible.builtin.file:
    path: /home/{{ user }}/tmp/
    state: directory
    mode: '0755'
 - name: Installing workplace script librairies
  become: false
  ansible.builtin.pip:
    name: pymongo
    virtualenv: /home/{{ user }}/tmp/.venv
 - name: Upload drop_database python script
  become: false
  ansible.builtin.copy:
    src: files/drop_database.py
    dest: "/home/{{ user }}/tmp/"
    mode: '0755'
 - name: Run drop_database script
  become: false
  ansible.builtin.shell: "cd /home/{{ user }}/tmp && . .venv/bin/activate && ./drop_database.py {{ mongodb_ip }} {{ mongodb_admin }} {{mongodb_password}}"
  args:
    executable: /bin/bash
  ignore_errors: true
 - name: Install python librairies into the specified virtual environment
  become: false
  ansible.builtin.pip:
    requirements: /home/{{ user }}/datascience/actes-princiers/src/requirements.txt
    virtualenv: /home/{{ user }}/datascience/.venv
 #- name: Uninstall kedro-telemetry
 #  become: false
 #  ansible.builtin.pip:
 #    name: kedro-telemetry
 #    virtualenv: /home/{{ user }}/datascience/.venv
 #  state: absent
 - name: Kedro - copy telemetry file
  become: false
  ansible.builtin.copy:
    src: files/telemetry
    dest: "/home/{{ user }}/datascience/actes-princiers/.telemetry"
    mode: '0644'
 - name: Install python librairies into the specified virtual environment
  become: false
  ansible.builtin.pip:
    requirements: /home/{{ user }}/datascience/actes-princiers/src/requirements.txt
    virtualenv: /home/{{ user }}/datascience/.venv
 - name: Launches the kedro JSON creation pipeline and populates the database
  become: false
  ansible.builtin.shell: |
    cd /home/{{ user }}/datascience/ && . .venv/bin/activate && cd actes-princiers && kedro run --tags="etl_transform" && kedro run --tags="populate_database"
  args:
    executable: /bin/bash
  #  chdir: /home/{{ user }}/datascience/actes-princiers/
  #  executable: /home/{{ user }}/datascience/.venv/bin/kedro
--- a/roles/datascience/vars/main.yml
+++ b/roles/datascience/vars/main.yml
@ -0,0 +1,7 @@
 ---
 release_tag: "{{ datascience_release_tag }}"
 datascience_repo_name: datascience
 user: "{{ linux_user }}"
 mongodb_ip: 127.0.0.1
 mongodb_admin: "{{ dbadmin }}"
 mongodb_password: "{{ dbpassword }}"
--- a/roles/mongodb/files/add_admin_user.py
+++ b/roles/mongodb/files/add_admin_user.py
@ -0,0 +1,26 @@
 #!/usr/bin/env python
 """Mongo create admin user utility
 """
 import sys
 import urllib.parse
 import pymongo
 mongo_ip = sys.argv[1]
 mongo_admin = sys.argv[2]
 mongo_password = sys.argv[3]
 #mongo_admin = urllib.parse.quote_plus(mongo_admin)
 #mongo_password = urllib.parse.quote_plus(mongo_password)
 client = pymongo.MongoClient(f"mongodb://{mongo_ip}:27017/")
 client.admin.command(
    'createUser', mongo_admin,
    pwd=mongo_password,
    roles=[ { 'role': "userAdminAnyDatabase", 'db': "admin" }, "readWriteAnyDatabase" ]
    )
--- a/roles/mongodb/files/check_admin_user.py
+++ b/roles/mongodb/files/check_admin_user.py
@ -0,0 +1,27 @@
 #!/usr/bin/env python
 """Mongo create check if user exists utility
 """
 import sys
 import urllib.parse
 import pymongo
 mongo_ip = sys.argv[1]
 mongo_admin = sys.argv[2]
 mongo_password = sys.argv[3]
 mongo_admin = urllib.parse.quote_plus(mongo_admin)
 mongo_password = urllib.parse.quote_plus(mongo_password)
 try:
    client = pymongo.MongoClient(f"mongodb://{mongo_ip}:27017/")
    admin = client['admin']
    userscol = admin['system.users']
    print(userscol.find_one())
    # ok, the user doesn't exist
    sys.exit(0)
 except pymongo.errors.OperationFailure as err:
    # unable to login without password
    sys.exit(1)
--- a/roles/mongodb/tasks/main.yml
+++ b/roles/mongodb/tasks/main.yml
@ -0,0 +1,158 @@
 ---
 - name: Install required packages
  apt:
    name:
      - curl
      - gnupg
    state: present
 #- name: Add mongo ppa key (new way of adding an apt repository key)
 #  ansible.builtin.get_url:
 #    url: https://pgp.mongodb.com/server-7.0.asc
 #    dest: /etc/apt/trusted.gpg.d/mongodb-server-7.0.gpg
 #    mode: '0644'
 #    force: true
 - name: Add mongo ppa key (new way of adding an apt repository key)
  ansible.builtin.shell: curl -fsSL https://pgp.mongodb.com/server-7.0.asc | gpg  --dearmor -o /etc/apt/trusted.gpg.d/mongodb-server-7.0.gpg
  args:
    creates: /etc/apt/trusted.gpg.d/mongodb-server-7.0.gpg
 - name: Add the mongo repository to the source list
  ansible.builtin.shell: echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-7.0.list
  args:
    creates: /etc/apt/sources.list.d/mongodb-org-7.0.list
 #- name: Add specified repository into sources list
 #  ansible.builtin.apt_repository:
 #    repo: deb-src http://repo.mongodb.org/apt/debian bookworm/mongodb-org/8.0 stable main
 #    state: present
 #- name: Update system after the addition of the mongo repo
 #  apt:
 #    update_cache: yes
 #    upgrade: dist
 - name: Update all packages after the addition of the mongo repo
  ansible.builtin.apt:
    name: "*"
    state: latest
 - name: Mongodb-org installation
  apt:
    name: mongodb-org
    state: latest
    update_cache: yes
 #- name: Add server Ip in mongod.conf
 #  ansible.builtin.lineinfile:
 #    path: /etc/mongod.conf
 #    search_string: '  bindIp: 127.0.0.1'
 #    line: '  bindIp: 127.0.0.1, {{ mongodb_ip }}'
 - name: Start the mongodb daemon
  ansible.builtin.shell:  systemctl start mongod
 - name: Verify the mongodb service status
  ansible.builtin.systemd:
    state: started
    name: mongod
  register: mongo_status
 - debug:
    var: mongo_status.status.ActiveState
 - name: Enable the mongod service and ensure it is not masked
  ansible.builtin.systemd:
    name: mongod
    enabled: true
    masked: no
      #- name: Check if user database admin exists
      #  become: false
      #  ansible.builtin.script:
      #    executable: python3
      #    cmd: "check_admin_user.py {{ mongodb_ip }} {{ mongodb_admin }} {{mongodb_password}}"
      #  register: admin_exists
      #  #delegate_to: 127.0.0.1
      #  ignore_errors: true
 # check_admin_user (check if admin user exists)
 - name: Create working directory for mongo admin scripts
  become: false
  ansible.builtin.file:
    path: /home/{{ user }}/tmp/
    state: directory
    mode: '0755'
 - name: Installing workplace script librairies
  become: false
  ansible.builtin.pip:
    name: pymongo
    virtualenv: /home/{{ user }}/tmp/.venv
 - name: Upload check_admin_user python script
  become: false
  ansible.builtin.copy:
    src: files/check_admin_user.py
    dest: "/home/{{ user }}/tmp/"
    mode: '0755'
 - name: Run check_admin_user python script
  become: false
  ansible.builtin.shell: "cd /home/{{ user }}/tmp && . .venv/bin/activate && ./check_admin_user.py {{ mongodb_ip }} {{ mongodb_admin }} {{mongodb_password}}"
  register: admin_exists
  args:
    executable: /bin/bash
  ignore_errors: true
 - debug:
    var: admin_exists
 #- name: Add mongo database admin
 #  become: false
 #  ansible.builtin.script:
 #    executable: python3
 #    cmd: "add_admin_user.py {{ mongodb_ip }} {{ mongodb_admin }} {{mongodb_password}}"
 #  delegate_to: 127.0.0.1
 #  when: admin_exists.rc == 0
 - name: Upload add_admin_user python script
  become: false
  ansible.builtin.copy:
    src: files/add_admin_user.py
    dest: "/home/{{ user }}/tmp/"
    mode: '0755'
 - name: Installing workplace script librairies
  become: false
  ansible.builtin.pip:
    name: pymongo
    virtualenv: /home/{{ user }}/tmp/.venv
 - name: Run add_admin_user python script
  ansible.builtin.shell: "cd /home/{{ user }}/tmp && . .venv/bin/activate && ./add_admin_user.py {{ mongodb_ip }} {{ mongodb_admin }} {{mongodb_password}}"
  args:
    executable: /bin/bash
  when: admin_exists.rc == 0
  ignore_errors: true
 - name: Enable restricted authentication over mongodb
  ansible.builtin.replace:
    path: /etc/mongod.conf
    regexp: '#security:'
    replace: "security: \n  authorization: enabled"
 - name: Restart the mongodb daemon
  ansible.builtin.shell:  systemctl restart mongod
 - name: Verify the mongodb service status
  ansible.builtin.systemd:
    state: started
    name: mongod
  register: mongo_status
 - debug:
    var: mongo_status.status.ActiveState
--- a/roles/mongodb/vars/main.yml
+++ b/roles/mongodb/vars/main.yml
@ -0,0 +1,4 @@
 user: "{{ linux_user }}"
 mongodb_ip: 127.0.0.1
 mongodb_admin: "{{ dbadmin }}"
 mongodb_password: "{{ dbpassword }}"
--- a/roles/nginx/handlers/main.yml
+++ b/roles/nginx/handlers/main.yml
@ -0,0 +1,5 @@
 - name: restart nginx
  service:
    name: nginx
    state: restarted
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -0,0 +1,30 @@
 ---
 - name: Install Nginx
  apt:
    name:
      - nginx
    state: present
      #- name: "create www directory"
      #  file:
      #    path: /var/www/{{ domain }}
      #    state: directory
      #    mode: '0775'
      #    owner: "{{ ansible_user }}"
      #    group: "{{ ansible_user }}"
 - name: delete default nginx site
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  notify: restart nginx
 - name: copy nginx site.conf
  template:
    src: templates/site.conf.j2
    dest: /etc/nginx/sites-enabled/{{ domain }}
    owner: root
    group: root
    mode: '0644'
  notify: restart nginx
--- a/roles/nginx/templates/site.conf.j2
+++ b/roles/nginx/templates/site.conf.j2
@ -0,0 +1,16 @@
 server {
  listen 80;
  listen [::]:80;
  server_name {{ domain }};
  #root /var/www/{{ domain }};
  location / {
    # try_files $uri $uri/ =404;
    proxy_pass http://localhost:5000;
  }
  # location /.well-known/acme-challenge/ {
  #         root /var/www/{{ domain }};
  # }
 }
--- a/roles/nginx/vars/main.yml
+++ b/roles/nginx/vars/main.yml
@ -0,0 +1,2 @@
 ---
 domain: "{{ domain_name }}"
--- a/roles/pip/readme.txt
+++ b/roles/pip/readme.txt
@ -0,0 +1,6 @@
 requirements
    pip
    virtualenv
    setuptools
--- a/roles/pip/tasks/main.yml
+++ b/roles/pip/tasks/main.yml
@ -0,0 +1,10 @@
 - name: Install python librairies into the specified virtual environment
  ansible.builtin.pip:
    requirements: /opt/app/requirements.txt
    virtualenv: /opt/app/.venv
 # TODO: a mettre dans les handlers du role
 # TODO: utiliser ansible systemctl pour cette task
 #- name: Deployment - restart systemd app service
 #  shell: systemctl restart princelyacts.service
--- a/roles/run/tasks/main.yml
+++ b/roles/run/tasks/main.yml
@ -0,0 +1,38 @@
 #- name: Execute the flask init command
 #  ansible.builtin.shell: |
 #    source bootstrap.sh
 #    flask db init
 #  args:
 #    chdir: /opt/app/
 #    creates: actes_princiers.sqlite
 #    executable: /usr/bin/bash
 #- name: Start the flask run application
 #  ansible.builtin.shell: |
 #    source bootstrap.sh
 #    flask run &
 #  args:
 #    chdir: /opt/app/
 #    executable: /usr/bin/bash
 - name: Template a file to /etc/file.conf
  ansible.builtin.template:
    src: templates/princelyacts.service.jinja
    dest: /etc/systemd/system/princelyacts.service
    #owner: "{{ system_user }}"
    #group: "{{ system_user }}"
    mode: '0777'
 - name: start systemd app service
  systemd: name=princelyacts.service state=restarted enabled=yes
 - name: check if flask app runs
  ansible.builtin.shell: netstat -tulnp | grep :5000
  register: flask_status
 - name: check if flask app is up
  ansible.builtin.assert:
    that:
      - flask_status != 0
    fail_msg: "flask web application service is down (status:{!"
    success_msg: "flask web application is up and running..."
--- a/roles/run/templates/princelyacts.service.jinja
+++ b/roles/run/templates/princelyacts.service.jinja
@ -0,0 +1,20 @@
 [Unit]
 Description=Flask Princely-Acts web appliance
 After=network.target
 [Service]
 User={{ system_user }}
 Group={{ system_user }}
 WorkingDirectory=/opt/app
 Environment="PATH=/opt/app/.env/bin"
 Environment="FLASK_ENV=production"
 #Environment="FLASK_ENV=development"
 # use in development environment
 #Environment="FLASK_APP=index.py"
 #ExecStart="flask run"
 #ExecStart=/opt/app/.venv/bin/flask run 
 ExecStart=/opt/app/.venv/bin/gunicorn -w 3 -b 127.0.0.1:5000 app:app
 [Install]
 WantedBy=multi-user.target
--- a/roles/run/vars/main.yml
+++ b/roles/run/vars/main.yml
@ -0,0 +1,2 @@
 system_user: "{{ linux_user }}"
--- a/run_playbook.sh
+++ b/run_playbook.sh
@ -0,0 +1,4 @@
 # IMPORTANT : run the script `./vault decrypt` to unlock the encrypted files **before lauching this script**
 # ansible-playbook -i hosts -c local playbook.yml
 ansible-playbook playbook.yml
--- a/todo.txt
+++ b/todo.txt
@ -0,0 +1,21 @@
 TODO
 ===========
 dernier sprint
 ---------------
 à faire ensuite :
 - retirer le tag launch_application et le script et le playbook
 ufw
 -----
 - for mongo
 - for nginx
  - name: open firewall for nginx
    ufw:
      rule: allow
      name: Nginx Full
		`@ -0,0 +1,5 @@`
							`# set the vps ip address or domain name`

							`server1 ansible_host="{{ server_ip }}" ansible_ssh_user="{{ linux_user }}" ansible_python_interpreter="/usr/bin/python3"`