0001-deploy-and-delete-tenants-a-playbook-and-documentati.patch
README.rst | ||
---|---|---|
3 | 3 | |
4 | 4 |
Ansible playbook that install and setup a multitenant publik instance using sources. |
5 | 5 | |
6 |
A complete version of this document is maintained here : |
|
7 |
https://dev.entrouvert.org/projects/publik-devinst/wiki/Installation_d'un_environnement_de_développement_local |
|
6 | 8 | |
7 | 9 |
Setup |
8 | 10 |
===== |
... | ... | |
10 | 12 |
Install dependencies |
11 | 13 |
++++++++++++++++++++ |
12 | 14 | |
13 | ||
14 | 15 |
.. code-block:: bash |
15 | 16 | |
16 | 17 |
pip install --user -r requirements.txt |
... | ... | |
20 | 21 |
+++++++++++++++++++ |
21 | 22 | |
22 | 23 |
* postgresql server must be installed |
23 |
* the system user used to run ansible must be a sudoer
|
|
24 |
* configure postgresql in order to have these configuration:
|
|
24 |
* the system's user running the install.yml playbook must be a sudoer
|
|
25 |
* configure postgresql in order to have this configuration:
|
|
25 | 26 | |
26 |
* the system user is used to run ansible and must to be able to connect to the postgresql server without authentication and must be authorized to create databases
|
|
27 |
* the system user is used to run ansible and must to be able to connect to thepostgresql server without authentication and must be authorized to create databases |
|
27 | 28 |
* postgresql must have a postgres user authorized to connect and create a db. |
28 |
* please edit /etc/postgresql/[INSTALLED VERSION]/main/pg_hba.conf and add these lines: |
|
29 |
* please edit /etc/postgresql/[INSTALLED VERSION]/main/pg_hba.conf and add these lines (if not present):
|
|
29 | 30 | |
30 | 31 |
.. code-block:: configuration |
31 | 32 | |
32 | 33 |
local all postgres trust |
33 | 34 |
local all all peer |
34 | 35 | |
36 |
First line allows postgres user to have all privileges on locahost |
|
37 |
Second line allows to have the system's user mapped to postgresql username and its own database with the same name |
|
38 | ||
39 | ||
40 |
Configure local DNS |
|
41 |
------------------- |
|
42 | ||
43 |
To set your DNS to handle all the domains registered in the |
|
44 |
certificate {{ssl_certificate}} and in the Nginx configuration for publik : |
|
45 | ||
46 |
* edit /etc/hosts and ensure the a line with some localhost IP has all the sub-domains required |
|
47 | ||
48 |
.. code-block:: bash |
|
49 | ||
50 |
127.0.42.1 dev-hobo.local.publik agents-combo.local.publik public-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik |
|
51 | ||
52 |
* You can also configure dnsmasq to catch *.local.publik |
|
53 | ||
54 | ||
35 | 55 |
Description |
36 | 56 |
=========== |
37 | 57 | |
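Review bot: the explanation added at new line 36 ("allows postgres user to have all privileges on locahost", typo for localhost) undersells what `local all postgres trust` at line 33 does: any local OS account can connect over the Unix socket as the postgres superuser without a password. Say that plainly in the README and state that the setting is meant for a single-user development machine, or document `peer` for the postgres role instead. New line 27 also has "thepostgresql" run together, and the /etc/hosts example at line 50 is tagged as a `bash` code block although it is a hosts-file entry.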
... | ... | |
59 | 79 |
* create a nginx configuration for server-app |
60 | 80 |
* create a database and its schema |
61 | 81 | |
62 | ||
63 | 82 |
Usage |
64 | 83 |
===== |
65 | 84 | |
66 | 85 |
Install publik |
86 |
-------------- |
|
87 |
Remember, you need to be sudoer. |
|
67 | 88 | |
68 | 89 |
.. code-block:: bash |
69 | 90 | |
70 |
ansible-playbook -i inventory.yml -K -e user=$(whoami) install.yml |
|
91 |
ansible-playbook -i inventory.yml -K -e user=$(whoami) install.yml
|
|
71 | 92 | |
72 | 93 |
Install publik and skip theme compilation |
94 |
----------------------------------------- |
|
73 | 95 | |
74 | 96 |
.. code-block:: bash |
75 | 97 | |
76 |
ansible-playbook -i inventory.yml -K -e user=$(whoami) -e compile_theme=false install.yml |
|
98 |
ansible-playbook -i inventory.yml -K -e user=$(whoami) -e compile_theme=false install.yml
|
|
77 | 99 | |
78 | 100 | |
79 | 101 |
Send publik to the cemetery |
102 |
--------------------------- |
|
80 | 103 | |
81 | 104 |
.. code-block:: bash |
82 | 105 | |
83 |
ansible-playbook -i inventory.yml -K clean.yml |
|
106 |
ansible-playbook -i inventory.yml -K clean.yml
|
|
84 | 107 | |
85 |
Next |
|
86 |
==== |
|
108 |
Configure tenants |
|
109 |
------------------ |
|
110 | ||
111 |
.. code-block:: bash |
|
112 | ||
113 |
ansible-playbook -i inventory.yml -e user=$(whoami) deploy-tenants.yml |
|
114 | ||
115 |
Delete all tenants |
|
116 |
------------------ |
|
117 | ||
118 |
.. code-block:: bash |
|
87 | 119 | |
88 |
Help yourself with your DNS settings and deploy some tenant applications using cook |
|
120 |
ansible-playbook -i inventory.yml -e user=$(whoami) delete-tenants.yml |
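Review bot: the "Delete all tenants" section added at new lines 115-120 gives only the command and says nothing about what it destroys. State that it runs delete_tenant for every entry in tenants_conf, and that each task in delete-tenants.yml carries `ignore_errors: yes`, so a run that finishes without a failure does not confirm that anything was removed. The install and clean commands above pass -K while the two new commands do not; if that is intentional, a sentence saying these playbooks need no sudo password would save the reader from guessing.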
delete-tenants.yml | ||
---|---|---|
1 |
--- |
|
2 |
- name: delete all publik tenants |
|
3 |
hosts: local |
|
4 |
vars: |
|
5 |
venv_bin: "{{venv}}/bin" |
|
6 |
tasks: |
|
7 |
- name: "execute hobo-manage delete_tenant" |
|
8 |
command: "{{venv_bin}}/hobo-manage delete_tenant {{tenants_conf['dev-hobo']}}" |
|
9 |
ignore_errors: yes |
|
10 | ||
11 |
- name: "execute combo-manage delete_tenant" |
|
12 |
command: "{{venv_bin}}/combo-manage delete_tenant {{tenants_conf['user-combo']}}" |
|
13 |
ignore_errors: yes |
|
14 | ||
15 |
- name: "execute combo-manage delete_tenant" |
|
16 |
command: "{{venv_bin}}/combo-manage delete_tenant {{tenants_conf['agent-combo']}}" |
|
17 |
ignore_errors: yes |
|
18 | ||
19 |
- name: "execute authentic-multitenant-manage delete_tenant" |
|
20 |
command: "{{venv_bin}}/authentic-multitenant-manage delete_tenant {{tenants_conf['connexion-authentic']}}" |
|
21 |
ignore_errors: yes |
|
22 | ||
23 |
- name: "execute wcsctl.py delete_tenant" |
|
24 |
command: "{{venv_bin}}/wcsctl.py delete_tenant {{tenants_conf['demarches-wcs']}}" |
|
25 |
ignore_errors: yes |
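Review bot: `ignore_errors: yes` on all five tasks (lines 9, 13, 17, 21, 25) hides every non-zero exit, including a missing binary under venv_bin, not only the case where the tenant does not exist. Register the command result and use `failed_when` to tolerate just the not-found case, so real failures still stop the play. The tasks at lines 11 and 15 also share the name "execute combo-manage delete_tenant"; put the tenant key (user-combo, agent-combo) in each name so the run output shows which portal was targeted.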
deploy-tenants.yml | ||
---|---|---|
1 |
--- |
|
2 |
- name: deploy publik tenants for local developement |
|
3 |
hosts: local |
|
4 |
roles: |
|
5 |
- deploy-tenants |
|
6 |
vars: |
|
7 |
venv_bin: "{{venv}}/bin" |
|
8 |
venv_conf: "{{venv}}/conf" |
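Review bot: `venv_conf` at line 8 is defined but none of the tasks or templates of roles/deploy-tenants in this patch reference it; drop it, or use it as the destination for the generated files that currently go to /tmp. The play name at line 2 has a typo, "developement".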
install.yml | ||
---|---|---|
1 | 1 |
--- |
2 |
- name: publik multitenant install
|
|
2 |
- name: publik multitenants installation
|
|
3 | 3 |
hosts: local |
4 | 4 |
roles: |
5 | 5 |
- base |
inventory.yml | ||
---|---|---|
39 | 39 |
nginx_host_pattern: '~^(.*)\-wcs\.local\.publik$' |
40 | 40 |
project_name: wcs |
41 | 41 |
server_port: 8032 |
42 |
|
|
43 |
|
|
42 |
tenants_conf: |
|
43 |
connexion-authentic: "connexion-authentic.local.publik" |
|
44 |
agent-combo: "agent-combo.local.publik" |
|
45 |
user-combo: "user-combo.local.publik" |
|
46 |
dev-hobo: "dev-hobo.local.publik" |
|
47 |
demarches-wcs: "demarches-wcs.local.publik" |
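Review bot: the hostnames in tenants_conf (lines 43-47) do not match the /etc/hosts line this same patch adds to README.rst at line 50. The inventory uses agent-combo.local.publik and user-combo.local.publik, while the README lists agents-combo.local.publik and public-combo.local.publik. A reader who follows the README ends up with two names that do not resolve, which is the situation the debug message in roles/deploy-tenants/tasks/main.yml says will block the playbook. Align one with the other.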
roles/deploy-tenants/tasks/main.yml | ||
---|---|---|
1 |
- debug : |
|
2 |
msg: | |
|
3 |
"IF {{ tenants_conf['dev-hobo'] }} or any sub-domain from 'tenants_conf' vars is unreachable, this playbook will block and fail. Check the README.rst to set sub-domains first" |
|
4 | ||
5 |
- name : compile site-options.cfg |
|
6 |
template: |
|
7 |
src: templates/site-options.cfg.j2 |
|
8 |
dest: "/tmp/site-options.cfg" |
|
9 | ||
10 |
- name : compile config.json |
|
11 |
template: |
|
12 |
src: templates/config.json.j2 |
|
13 |
dest: "/tmp/config.json.cfg" |
|
14 | ||
15 |
- name: "Zips the {{wcs_skeleton_filename}} cook configuration bundle" |
|
16 |
archive: |
|
17 |
path: |
|
18 |
- /tmp/site-options.cfg |
|
19 |
- /tmp/config.json.cfg |
|
20 |
dest: /tmp/{{wcs_skeleton_filename}} |
|
21 |
format: zip |
|
22 | ||
23 |
- name : copies a wcs skeleton archive |
|
24 |
copy: |
|
25 |
src: "/tmp/{{wcs_skeleton_filename}}" |
|
26 |
dest: "/var/lib/wcs/skeletons/{{wcs_skeleton_filename}}" |
|
27 | ||
28 |
- name: copies a cook json template |
|
29 |
template: |
|
30 |
src: templates/hobo-manage-recipe-with-wcs.j2 |
|
31 |
dest: "{{wcs_dev_template_path}}" |
|
32 | ||
33 |
- name: Run command hobo-manage to initiate the development subdomains |
|
34 |
command: "{{venv_bin}}/hobo-manage cook {{wcs_dev_template_path}} --timeout=600" |
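Review bot: the template and archive tasks at lines 5-20 write to fixed, predictable names in /tmp (/tmp/site-options.cfg, /tmp/config.json.cfg, /tmp/{{wcs_skeleton_filename}}), a directory every local user can write to, and config.json carries the PostgreSQL connection parameters. Create a private working directory with the tempfile module, or write under venv_conf, and set an explicit `mode` on the template tasks. Separately, the task named "compile config.json" at line 10 writes config.json.cfg, so that is the file name that ends up inside the zip; confirm this is the name the wcs skeleton is expected to contain.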
roles/deploy-tenants/templates/config.json.j2 | ||
---|---|---|
1 |
{ |
|
2 |
"branding": { |
|
3 |
"theme": "publik-base" |
|
4 |
}, |
|
5 |
"debug": { |
|
6 |
"error_email": "{{wcs_error_email}} |
|
7 |
}, |
|
8 |
"language": { |
|
9 |
"language": "{{wcs_language}}" |
|
10 |
}, |
|
11 |
"misc": { |
|
12 |
"charset": "utf-8", |
|
13 |
"homepage-redirect-url": "[portal_url]" |
|
14 |
}, |
|
15 |
"postgresql": { |
|
16 |
"createdb-connection-params": { |
|
17 |
"database": "{{wcs_init_postgres_database}}", |
|
18 |
"host": "{{wcs_init_postgres_host}}", |
|
19 |
"user": "{{wcs_init_postgres_user}}" |
|
20 |
}, |
|
21 |
"database-template-name": "wcs_%s", |
|
22 |
"host": "{{wcs_init_postgres_host}}", |
|
23 |
"user": "{{wcs_init_postgres_user}}" |
|
24 |
} |
|
25 |
} |
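Review bot: line 6 is missing the closing double quote after {{wcs_error_email}}, so the rendered file is not valid JSON and the skeleton built from it will carry a broken config. It should read "error_email": "{{wcs_error_email}}" with the quote closed. With the defaults in roles/deploy-tenants/vars/main.yml, "host" and "user" at lines 18-19 and 22-23 also render as empty strings; a comment next to those defaults on what an empty value is meant to select would help.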
roles/deploy-tenants/templates/hobo-manage-recipe-with-wcs.j2 | ||
---|---|---|
1 |
{ |
|
2 |
"steps": [ |
|
3 |
{"create-hobo": { |
|
4 |
"url": "https://{{tenants_conf['dev-hobo']}}/" |
|
5 |
}}, |
|
6 |
{"create-authentic": { |
|
7 |
"url": "https://{{tenants_conf['connexion-authentic']}}/", |
|
8 |
"title": "Connexion" |
|
9 |
}}, |
|
10 |
{"set-idp": { |
|
11 |
}}, |
|
12 |
{"create-combo": { |
|
13 |
"url": "https://{{tenants_conf['user-combo']}}/", |
|
14 |
"title": "Portail Citoyen", |
|
15 |
"template_name": "portal-user" |
|
16 |
}}, |
|
17 |
{"create-combo": { |
|
18 |
"url": "https://{{tenants_conf['agent-combo']}}/", |
|
19 |
"title": "Portail Agent", |
|
20 |
"slug": "portal-agent", |
|
21 |
"template_name": "portal-agent" |
|
22 |
}}, |
|
23 |
{"create-wcs": { |
|
24 |
"url": "https://{{tenants_conf['demarches-wcs']}}/", |
|
25 |
"template_name": "{{wcs_skeleton_filename}}", |
|
26 |
"slug": "services", |
|
27 |
"title": "Démarches" |
|
28 |
}}, |
|
29 |
{"set-theme": { |
|
30 |
"theme": "publik" |
|
31 |
}} |
|
32 |
] |
|
33 |
} |
roles/deploy-tenants/templates/site-options.cfg.j2 | ||
---|---|---|
1 |
[options] |
|
2 |
postgresql = true |
|
3 |
default-to-global-view = true |
|
4 |
workflow-global-actions = true |
roles/deploy-tenants/vars/main.yml | ||
---|---|---|
1 |
wcs_dev_template_path: /tmp/hobo-manage-recipe-with-wcs.json |
|
2 |
wcs_skeleton_filename: publik.zip |
|
3 |
wcs_error_email: "" |
|
4 |
wcs_language: "fr" |
|
5 |
wcs_init_postgres_user: "" |
|
6 |
wcs_init_postgres_host: "" |
|
7 |
wcs_init_postgres_database: "postgres" |
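Review bot: these values sit in the role's vars/main.yml, which takes precedence over inventory variables, so wcs_error_email, wcs_language and the wcs_init_postgres_* settings cannot be overridden from inventory.yml. Move the ones a user is expected to change to roles/deploy-tenants/defaults/main.yml. wcs_dev_template_path at line 1 is another fixed path in /tmp, and the empty strings at lines 3, 5 and 6 have no comment saying what an empty value means.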
|
0 |
- |