From 24303b6c1c0d5815cf695bea3035220af1522749 Mon Sep 17 00:00:00 2001 From: Elias Date: Fri, 16 Feb 2018 11:14:43 +0100 Subject: [PATCH] deploy and delete tenants : a playbook and documentation for hobo-manage related commands (#21695) --- README.rst | 56 +++++++++++++++++----- delete-tenants.yml | 25 ++++++++++ deploy-tenants.yml | 8 ++++ install.yml | 2 +- inventory.yml | 8 +++- roles/deploy-tenants/tasks/main.yml | 34 +++++++++++++ roles/deploy-tenants/templates/config.json.j2 | 25 ++++++++++ .../templates/hobo-manage-recipe-with-wcs.j2 | 33 +++++++++++++ roles/deploy-tenants/templates/site-options.cfg.j2 | 4 ++ roles/deploy-tenants/vars/main.yml | 7 +++ 10 files changed, 187 insertions(+), 15 deletions(-) create mode 100644 delete-tenants.yml create mode 100644 deploy-tenants.yml create mode 100644 roles/deploy-tenants/tasks/main.yml create mode 100644 roles/deploy-tenants/templates/config.json.j2 create mode 100644 roles/deploy-tenants/templates/hobo-manage-recipe-with-wcs.j2 create mode 100644 roles/deploy-tenants/templates/site-options.cfg.j2 create mode 100644 roles/deploy-tenants/vars/main.yml diff --git a/README.rst b/README.rst index 7a2fcd7..f3acd27 100644 --- a/README.rst +++ b/README.rst @@ -3,6 +3,8 @@ Development configuration for publik Ansible playbook that install and setup a multitenant publik instance using sources. +A complete version of this document is maintained here : +https://dev.entrouvert.org/projects/publik-devinst/wiki/Installation_d'un_environnement_de_développement_local Setup ===== @@ -10,7 +12,6 @@ Setup Install dependencies ++++++++++++++++++++ - .. code-block:: bash pip install --user -r requirements.txt 
@@ -20,18 +21,37 @@ System requirements +++++++++++++++++++ * postgresql server must be installed -* the system user used to run ansible must be a sudoer -* configure postgresql in order to have these configuration: +* the system's user running the install.yml playbook must be a sudoer +* configure postgresql in order to have this configuration: - * the system user is used to run ansible and must to be able to connect to the postgresql server without authentication and must be authorized to create databases + * the system user is used to run ansible and must to be able to connect to thepostgresql server without authentication and must be authorized to create databases * postgresql must have a postgres user authorized to connect and create a db. - * please edit /etc/postgresql/[INSTALLED VERSION]/main/pg_hba.conf and add these lines: + * please edit /etc/postgresql/[INSTALLED VERSION]/main/pg_hba.conf and add these lines (if not present): .. code-block:: configuration local all postgres trust local all all peer +First line allows postgres user to have all privileges on locahost +Second line allows to have the system's user mapped to postgresql username and its own database with the same name + + +Configure local DNS +------------------- + +To set your DNS to handle all the domains registered in the +certificate {{ssl_certificate}} and in the Nginx configuration for publik : + +* edit /etc/hosts and ensure the a line with some localhost IP has all the sub-domains required + +.. code-block:: bash + + 127.0.42.1 dev-hobo.local.publik agents-combo.local.publik public-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik + +* You can also configure dnsmasq to catch *.local.publik + + Description =========== 
@@ -59,30 +79,42 @@ Then for each 'app' registered in the 'apps' section of the configuration file, * create a nginx configuration for server-app * create a database and its schema - Usage ===== Install publik +-------------- +Remember, you need to be sudoer. .. code-block:: bash - ansible-playbook -i inventory.yml -K -e user=$(whoami) install.yml + ansible-playbook -i inventory.yml -K -e user=$(whoami) install.yml Install publik and skip theme compilation +----------------------------------------- .. code-block:: bash - ansible-playbook -i inventory.yml -K -e user=$(whoami) -e compile_theme=false install.yml + ansible-playbook -i inventory.yml -K -e user=$(whoami) -e compile_theme=false install.yml Send publik to the cemetery +--------------------------- .. code-block:: bash - ansible-playbook -i inventory.yml -K clean.yml + ansible-playbook -i inventory.yml -K clean.yml -Next -==== +Configure tenants +------------------ + +.. code-block:: bash + + ansible-playbook -i inventory.yml -e user=$(whoami) deploy-tenants.yml + +Delete all tenants +------------------ + +.. code-block:: bash -Help yourself with your DNS settings and deploy some tenant applications using cook + ansible-playbook -i inventory.yml -e user=$(whoami) delete-tenants.yml diff --git a/delete-tenants.yml b/delete-tenants.yml new file mode 100644 index 0000000..16494be --- /dev/null +++ b/delete-tenants.yml 
@@ -0,0 +1,25 @@
+---
+- name: delete all publik tenants
+ hosts: local
+ vars:
+ venv_bin: "{{venv}}/bin"
+ tasks:
+ - name: "execute hobo-manage delete_tenant"
+ command: "{{venv_bin}}/hobo-manage delete_tenant {{tenants_conf['dev-hobo']}}"
+ ignore_errors: yes
+
+ - name: "execute combo-manage delete_tenant"
+ command: "{{venv_bin}}/combo-manage delete_tenant {{tenants_conf['user-combo']}}"
+ ignore_errors: yes
+
+ - name: "execute combo-manage delete_tenant"
+ command: "{{venv_bin}}/combo-manage delete_tenant {{tenants_conf['agent-combo']}}"
+ ignore_errors: yes
+
+ - name: "execute authentic-multitenant-manage delete_tenant"
+ command: "{{venv_bin}}/authentic-multitenant-manage delete_tenant {{tenants_conf['connexion-authentic']}}"
+ ignore_errors: yes
+
+ - name: "execute wcsctl.py delete_tenant"
+ command: "{{venv_bin}}/wcsctl.py delete_tenant {{tenants_conf['demarches-wcs']}}"
+ ignore_errors: yes
diff --git a/deploy-tenants.yml b/deploy-tenants.yml
new file mode 100644
index 0000000..b12d989
--- /dev/null
+++ b/deploy-tenants.yml
@@ -0,0 +1,8 @@
+---
+- name: deploy publik tenants for local developement
+ hosts: local
+ roles:
+ - deploy-tenants
+ vars:
+ venv_bin: "{{venv}}/bin"
+ venv_conf: "{{venv}}/conf"
diff --git a/install.yml b/install.yml
index a92d4dd..8cb1b77 100644
--- a/install.yml
+++ b/install.yml
@@ -1,5 +1,5 @@
 ---
-- name: publik multitenant install
+- name: publik multitenants installation
 hosts: local
 roles:
 - base
diff --git a/inventory.yml b/inventory.yml
index 57bc857..94a0171 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -39,5 +39,9 @@ local:
 nginx_host_pattern: '~^(.*)\-wcs\.local\.publik$'
 project_name: wcs
 server_port: 8032
-
-
+ tenants_conf:
+ connexion-authentic: "connexion-authentic.local.publik"
+ agent-combo: "agent-combo.local.publik"
+ user-combo: "user-combo.local.publik"
+ dev-hobo: "dev-hobo.local.publik"
+ demarches-wcs: "demarches-wcs.local.publik"
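Review bot: Every task in delete-tenants.yml carries `ignore_errors: yes`, so a `delete_tenant` command that fails part-way still produces a green run and the operator has no signal that tenant data was left behind. If the aim is only to tolerate a tenant that is already gone, add `register:` to each task and a `failed_when:` that accepts that one outcome, and let every other non-zero exit fail the play. The two combo tasks also share the name `execute combo-manage delete_tenant`; naming them after `user-combo` and `agent-combo` makes the run log attributable to a tenant.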
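Review bot: The hostnames added under `tenants_conf` (`agent-combo.local.publik`, `user-combo.local.publik`) do not match the /etc/hosts example this same commit adds to README.rst, which lists `agents-combo.local.publik` and `public-combo.local.publik`. A developer who follows the README ends up with tenant URLs that do not resolve, and the role's own debug message says the playbook blocks and fails in that case. Align the two, for example by listing `agent-combo.local.publik user-combo.local.publik` in the README line. The enclosing `local:` mapping starts outside the hunk.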
diff --git a/roles/deploy-tenants/tasks/main.yml b/roles/deploy-tenants/tasks/main.yml
new file mode 100644
index 0000000..9b000c6
--- /dev/null
+++ b/roles/deploy-tenants/tasks/main.yml
@@ -0,0 +1,34 @@
+- debug :
+ msg: |
+ "IF {{ tenants_conf['dev-hobo'] }} or any sub-domain from 'tenants_conf' vars is unreachable, this playbook will block and fail. Check the README.rst to set sub-domains first"
+
+- name : compile site-options.cfg
+ template:
+ src: templates/site-options.cfg.j2
+ dest: "/tmp/site-options.cfg"
+
+- name : compile config.json
+ template:
+ src: templates/config.json.j2
+ dest: "/tmp/config.json.cfg"
+
+- name: "Zips the {{wcs_skeleton_filename}} cook configuration bundle"
+ archive:
+ path:
+ - /tmp/site-options.cfg
+ - /tmp/config.json.cfg
+ dest: /tmp/{{wcs_skeleton_filename}}
+ format: zip
+
+- name : copies a wcs skeleton archive
+ copy:
+ src: "/tmp/{{wcs_skeleton_filename}}"
+ dest: "/var/lib/wcs/skeletons/{{wcs_skeleton_filename}}"
+
+- name: copies a cook json template
+ template:
+ src: templates/hobo-manage-recipe-with-wcs.j2
+ dest: "{{wcs_dev_template_path}}"
+
+- name: Run command hobo-manage to initiate the development subdomains
+ command: "{{venv_bin}}/hobo-manage cook {{wcs_dev_template_path}} --timeout=600"
diff --git a/roles/deploy-tenants/templates/config.json.j2 b/roles/deploy-tenants/templates/config.json.j2
new file mode 100644
index 0000000..b0645c1
--- /dev/null
+++ b/roles/deploy-tenants/templates/config.json.j2
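Review bot: The role in roles/deploy-tenants/tasks/main.yml stages everything it renders under fixed names in `/tmp` (`/tmp/site-options.cfg`, `/tmp/config.json.cfg`, `/tmp/{{wcs_skeleton_filename}}`, plus `wcs_dev_template_path` from vars/main.yml). On a shared machine another local account can create those names first, so the skeleton and recipe that `hobo-manage cook` consumes are not guaranteed to be the ones this play wrote. No `mode` is set either, although config.json carries the PostgreSQL connection parameters. Staging in a private directory removes both problems: deploy-tenants.yml already defines `venv_conf` and nothing uses it, or a directory from the `tempfile` module works as sketched below, with `wcs_dev_template_path` pointed into the same directory. The `/var/lib/wcs/skeletons/` copy would likewise benefit from an explicit `owner` and `mode`.

```yaml
- name: create a private staging directory
  tempfile:
    state: directory
    suffix: .deploy-tenants
  register: staging

- name: compile site-options.cfg
  template:
    src: templates/site-options.cfg.j2
    dest: "{{ staging.path }}/site-options.cfg"
    mode: "0600"

- name: compile config.json
  template:
    src: templates/config.json.j2
    dest: "{{ staging.path }}/config.json.cfg"
    mode: "0600"

# … unchanged apart from reading from staging.path: archive, skeleton copy, recipe template, hobo-manage cook …
```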
@@ -0,0 +1,25 @@
+{
+ "branding": {
+ "theme": "publik-base"
+ },
+ "debug": {
+ "error_email": "{{wcs_error_email}}
+ },
+ "language": {
+ "language": "{{wcs_language}}"
+ },
+ "misc": {
+ "charset": "utf-8",
+ "homepage-redirect-url": "[portal_url]"
+ },
+ "postgresql": {
+ "createdb-connection-params": {
+ "database": "{{wcs_init_postgres_database}}",
+ "host": "{{wcs_init_postgres_host}}",
+ "user": "{{wcs_init_postgres_user}}"
+ },
+ "database-template-name": "wcs_%s",
+ "host": "{{wcs_init_postgres_host}}",
+ "user": "{{wcs_init_postgres_user}}"
+ }
+}
diff --git a/roles/deploy-tenants/templates/hobo-manage-recipe-with-wcs.j2 b/roles/deploy-tenants/templates/hobo-manage-recipe-with-wcs.j2
new file mode 100644
index 0000000..d7badc5
--- /dev/null
+++ b/roles/deploy-tenants/templates/hobo-manage-recipe-with-wcs.j2
@@ -0,0 +1,33 @@
+{
+ "steps": [
+ {"create-hobo": {
+ "url": "https://{{tenants_conf['dev-hobo']}}/"
+ }},
+ {"create-authentic": {
+ "url": "https://{{tenants_conf['connexion-authentic']}}/",
+ "title": "Connexion"
+ }},
+ {"set-idp": {
+ }},
+ {"create-combo": {
+ "url": "https://{{tenants_conf['user-combo']}}/",
+ "title": "Portail Citoyen",
+ "template_name": "portal-user"
+ }},
+ {"create-combo": {
+ "url": "https://{{tenants_conf['agent-combo']}}/",
+ "title": "Portail Agent",
+ "slug": "portal-agent",
+ "template_name": "portal-agent"
+ }},
+ {"create-wcs": {
+ "url": "https://{{tenants_conf['demarches-wcs']}}/",
+ "template_name": "{{wcs_skeleton_filename}}",
+ "slug": "services",
+ "title": "Démarches"
+ }},
+ {"set-theme": {
+ "theme": "publik"
+ }}
+ ]
+}
diff --git a/roles/deploy-tenants/templates/site-options.cfg.j2 b/roles/deploy-tenants/templates/site-options.cfg.j2
new file mode 100644
index 0000000..239e752
--- /dev/null
+++ b/roles/deploy-tenants/templates/site-options.cfg.j2
@@ -0,0 +1,4 @@
+[options]
+postgresql = true
+default-to-global-view = true
+workflow-global-actions = true
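Review bot: The `error_email` line in config.json.j2 is missing its closing quote (`"error_email": "{{wcs_error_email}}`), so the rendered file is not valid JSON and the skeleton built from it carries a config that a JSON parser will reject. It should read `"error_email": "{{wcs_error_email}}"`. The values are also interpolated raw between quotes; rendering them with Ansible's `to_json` filter, e.g. `"host": {{ wcs_init_postgres_host | to_json }}`, keeps a value containing a quote or backslash from breaking or reshaping the document. The same raw interpolation is used for the URLs in hobo-manage-recipe-with-wcs.j2.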
diff --git a/roles/deploy-tenants/vars/main.yml b/roles/deploy-tenants/vars/main.yml
new file mode 100644
index 0000000..c3b611b
--- /dev/null
+++ b/roles/deploy-tenants/vars/main.yml
@@ -0,0 +1,7 @@
+wcs_dev_template_path: /tmp/hobo-manage-recipe-with-wcs.json
+wcs_skeleton_filename: publik.zip
+wcs_error_email: ""
+wcs_language: "fr"
+wcs_init_postgres_user: ""
+wcs_init_postgres_host: ""
+wcs_init_postgres_database: "postgres"
-- 2.14.1