Changed to version with generated hosts file.

database.yml

@@ -1,6 +1,6 @@
 ---
 - name: deploy MariaDB and configure the databases
-  hosts: dbserver
+  hosts: jiskefet_backend
   remote_user: "{{ remote_privileged_user }}"
   become: yes
 

docs/create-test-inventory.md

@@ -3,11 +3,11 @@ Create your own inventory for tests
 An Ansible inventory is basically a list of hostnames grouped into logical sets: 
 ```
 # example from official documentation
-[webservers]
+[jiskefet-frontend]
 foo.example.com
 bar.example.com
 
-[dbservers]
+[jiskefet-backend]
 one.example.com
 two.example.com
 three.example.com

docs/setting_up_ssh.md

@@ -122,10 +122,10 @@ host_vars
 It is possible to set the ssh parameters in the host file as displayed below. The drawback is that the credentials will be exposed. If possible, please refrain from using this setup.
 
 ```ini
-[webservers]
+[jiskefet-frontend]
 jiskefet-api  ansible=your_user_here ansible_ssh_pass=your_password_here
 
-[dbservers]
+[jiskefet-backend]
 jiskefet-db   ansible=your_user_here ansible_ssh_pass=your_password_here
 ```
 

jiskefet_backend.yml

@@ -0,0 +1,10 @@
+---
+- name: configure and deploy the webservers and application code
+  hosts: jiskefet_backend
+  remote_user: "{{ remote_privileged_user }}"
+  become: yes
+  vars:
+    - temp_folder: /tmp
+
+  roles:
+  - jiskefet-backend

webserver.yml → jiskefet_common.yml

@@ -1,6 +1,6 @@
 ---
 - name: configure and deploy the webservers and application code
-  hosts: webserver
+  hosts: jiskefet_frontend, jiskefet_backend
   remote_user: "{{ remote_privileged_user }}"
   become: yes
   vars:
@@ -9,5 +9,5 @@
   roles:
   - nginx
   - nodejs
-  - web
+  - jiskefet-common
   - ntp-client

jiskefet_frontend.yml

@@ -0,0 +1,10 @@
+---
+- name: configure and deploy the webservers and application code
+  hosts: jiskefet_frontend
+  remote_user: "{{ remote_privileged_user }}"
+  become: yes
+  vars:
+    - temp_folder: /tmp
+
+  roles:
+  - jiskefet-frontend

roles/basevars/defaults/main.yml

@@ -1 +1,28 @@
 ---
+application_name: "Logbook ITS"
+remote_privileged_user: root
+jiskefet_user: jiskefet
+mysql_root_password: abd1516812
+USE_CERN_SSO: true
+
+jiskefet_api_general_settings:
+  TYPEORM_HOST: "{{inventory_hostname}}"
+  TYPEORM_USERNAME: 'jiskefet'
+  TYPEORM_PASSWORD: 'abd1516812'
+  TYPEORM_DATABASE: 'jiskefetdb'
+  JWT_SECRET_KEY: 'NHcW7x9K'
+  PORT: 3000
+
+jiskefet_api_optional_settings:
+  TEST_DB_HOST: localhost
+  TEST_DB_DATABASE: 
+  TEST_DB_USERNAME:
+  TEST_DB_PASSWORD:
+
+jiskefet_ui_settings:
+  USE_API_PREFIX: true
+  ALLOW_ANONYMOUS: true
+
+# If you use CERN SSO set true then you need to use the correct settings below. Check CERN oauth page to setup credentials.
+jiskefet_cern_oauth_settings:
+  CERN_REGISTERED_URI: "http://{{inventory_hostname}}/callback"

roles/basevars/vars/main.yml

@@ -1,18 +1,2 @@
 ---
-remote_privileged_user: root
-jiskefet_user: jiskefet
-mysql_root_password: abd1516812
-
-jiskefet_api_general_settings:
-  TYPEORM_HOST: jiskefet-development.cern.ch
-  TYPEORM_USERNAME: jiskefet
-  TYPEORM_PASSWORD: Kaas
-  TYPEORM_DATABASE: jiskefetdb
-  JWT_SECRET_KEY: Kaas123
-  PORT: 3000
-  USE_API_PREFIX: true
-jiskefet_api_optional_settings:
-  TEST_DB_HOST: localhost
-  TEST_DB_DATABASE: 
-  TEST_DB_USERNAME:
-  TEST_DB_PASSWORD:
+nginx_version: 1.16.0

roles/web/tasks/change-env-variables.yml → roles/jiskefet-backend/tasks/change-env-variables-backend.yml

@@ -7,25 +7,6 @@
 #  */
 
 ---
-- name: Check if .env exists in jiskefet-ui project
-  stat:
-    path: /var/lib/jiskefet/jiskefet-ui/.env
-  register: stat_result
-  become_user: "{{ jiskefet_user }}"
-
-- name: Create .env in jiskefet-ui if it does not exist.
-  when: stat_result.stat.exists == False 
-  file:
-    path: /var/lib/jiskefet/jiskefet-ui/.env
-    state: touch
-  become_user: "{{ jiskefet_user }}"
-
-- name: Set general settings for jiskefet-ui .env
-  lineinfile:
-    path: /var/lib/jiskefet/jiskefet-ui/.env
-    line: "{{ item.key }}={{ item.value }}"
-  with_dict: "{{ jiskefet_ui_settings }}"
-
 - name: Check if .env exists in jiskefet-api project
   stat:
     path: /var/lib/jiskefet/jiskefet-api/.env
@@ -52,13 +33,6 @@
     line: "{{ item.key }}={{ item.value }}"
   with_dict: "{{ jiskefet_api_general_settings }}"
 
-- name: Set OAuth settings for jiskefet-api .env
-  lineinfile:
-    path: /var/lib/jiskefet/jiskefet-api/.env
-    regexp: "{{ item.key }}=(.*)$"
-    line: "{{ item.key }}={{ item.value }}"
-  with_dict: "{{ jiskefet_oauth_settings }}"
-
 - name: Set CERN oauth settings for jiskefet-api .env
   when: USE_CERN_SSO | lower == "true"
   lineinfile:
@@ -72,4 +46,4 @@
     regexp: "{{ item.key }}=(.*)$"
     line: "{{ item.key }}={{ item.value }}"
   with_dict: "{{ jiskefet_api_optional_settings }}"
-...
+...

roles/jiskefet-backend/tasks/createdbuser.yml

@@ -0,0 +1,12 @@
+---
+- name: Set {{ jiskefet_api_general_settings.TYPEORM_USERNAME }} user password
+  mysql_user: 
+    name: "{{ jiskefet_api_general_settings.TYPEORM_USERNAME }}"
+    host: "{{inventory_hostname}}"
+    password: "{{ jiskefet_api_general_settings.TYPEORM_PASSWORD }}"
+    check_implicit_admin: "yes"
+    login_user: "root"
+    login_password: "{{ mysql_root_password }}"
+    state: "present"
+  tags: configuration
+...

roles/jiskefet-backend/tasks/getapi.yml

@@ -0,0 +1,11 @@
+---
+- name: checkout jiskefet-api
+  git:
+    repo: "{{ remote_repository_url.JISKEFET_API }}"
+    dest: /var/lib/jiskefet/jiskefet-api
+    force: yes
+    version: "{{ repository_branch.JISKEFET_API }}"
+  become_user: "{{ jiskefet_user }}"
+  tags:
+    - git_pull
+...

roles/web/tasks/main.yml → roles/jiskefet-backend/tasks/main.yml

@@ -32,27 +32,29 @@
 # When "{{ use_hostname_as_remote_address }}" is set to false, ansible will check if the "{{ ansible_remote_address }}"
 # If the variable is defined, it will use the user defined value, otherwise it will default to the result of variable
 # "{{ ansible_default_ipv4.address }}".
-- import_tasks: firewall.yml
 
-- import_tasks: set-default-values.yml
 
 # Install git
-- include_tasks: git.yml
+- include_tasks: getapi.yml
   when: use_local_repository == "no"
   tags:
     - git_pull
 
 # Unarchive projects
-- include_tasks: unarchive.yml
+- include_tasks: unarchive-backend.yml
   when: use_local_repository == "yes"
 
 # Setting the environment variables
-- import_tasks: change-env-variables.yml
+- import_tasks: change-env-variables-backend.yml
   tags:
     - git_pull
 
 # Do npm install
-- import_tasks: npm.yml
+- import_tasks: npm-backend.yml
+  tags:
+    - git_pull
+
+- import_tasks: createdbuser.yml
   tags:
     - git_pull
 

roles/jiskefet-backend/tasks/npm-backend.yml

@@ -0,0 +1,15 @@
+# /*
+#  * Copyright (C) 2018 Amsterdam University of Applied Sciences (AUAS)
+#  *
+#  * This software is distributed under the terms of the
+#  * GNU General Public Licence version 3 (GPL) version 3,
+#  * copied verbatim in the file "LICENSE"
+#  */
+
+---
+- name: run npm install on jiskefet-api
+  command: npm install
+  become_user: "{{ jiskefet_user }}"
+  args:
+    chdir: "/var/lib/jiskefet/jiskefet-api"
+...

roles/web/tasks/unarchive.yml → roles/jiskefet-backend/tasks/unarchive-backend.yml

@@ -13,11 +13,4 @@
     src: ../jiskefet-api.tar
     dest: /var/lib/jiskefet
   become_method: sudo
-
-- name: Unarchive ui files to remote
-  unarchive:
-    owner: "{{ jiskefet_user }}"
-    src: ../jiskefet-ui.tar
-    dest: /var/lib/jiskefet
-  become_method: sudo
 ...

roles/web/vars/main.yml → roles/jiskefet-backend/vars/main.yml

@@ -5,7 +5,7 @@ deploy_environment: prod
 
 remote_repository_url:
   JISKEFET_API: https://github.com/SoftwareForScience/jiskefet-api 
-  JISKEFET_UI: https://github.com/SoftwareForScience/jiskefet-ui
+
 repository_branch:
   JISKEFET_API: develop
-  JISKEFET_UI: develop
+

roles/mariadb/handlers/main.yml → roles/jiskefet-common/handlers/main.yml

@@ -7,22 +7,17 @@
 #  */
 
 ---
-- name: restart firewalld
+- name: restart NGiNX
   become_method: sudo
   service:
-    name: firewalld
+    name: nginx
     state: restarted
+  tags:
+    - git_pull
 
-- name: enable mariadb on reboot
-  become_method: sudo
-  service: 
-    name: mariadb 
-    state: started 
-    enabled: true
-
-- name: restart mysql
+- name: restart firewalld
   become_method: sudo
   service:
-    name: mysql
+    name: firewalld
     state: restarted
 ...

roles/common/tasks/create-jiskefet-user.yml → roles/jiskefet-common/tasks/create-jiskefet-user.yml

@@ -32,7 +32,7 @@
     when: "jiskefet_user != 'root'"
     tags: configuration
 
-  - name: Ensure group {{ jiskefet_user}} exists
+  - name: Ensure group {{ jiskefet_user }} exists
     group:
       name: jiskefet
       state: present

roles/common/tasks/main.yml → roles/jiskefet-common/tasks/git.yml

@@ -7,9 +7,9 @@
 #  */
 
 ---
-# create jiskefet users
-- import_tasks: create-jiskefet-user.yml
-
-# ensure firewall has been started
-#- import_tasks: firewall.yml
-...
+- name: install git
+  yum:
+    name: git
+    state: present
+  become_method: sudo
+...

roles/jiskefet-common/tasks/main.yml

@@ -0,0 +1,4 @@
+- import_tasks: create-jiskefet-user.yml
+- import_tasks: git.yml
+- import_tasks: firewall.yml
+- import_tasks: set-default-values.yml

roles/web/tasks/set-default-values.yml → roles/jiskefet-common/tasks/set-default-values.yml

@@ -48,6 +48,8 @@
       PORT: "{{ jiskefet_api_general_settings.PORT if ((jiskefet_api_general_settings.PORT is defined) and (jiskefet_api_general_settings.PORT | trim != '')) else 3000}}"
       # TYPEORM_HOST: "{{ jiskefet_api_general_settings.TYPEORM_HOST if ((jiskefet_api_general_settings.TYPEORM_HOST is defined) and (jiskefet_api_general_settings.TYPEORM_HOST | trim != '')) else ansible_default_ipv4.address }}"
       TYPEORM_CONNECTION: "{{ jiskefet_api_general_settings.TYPEORM_CONNECTION if ((jiskefet_api_general_settings.TYPEORM_CONNECTION is defined) and (jiskefet_api_general_settings.TYPEORM_CONNECTION | trim != '')) else 'mysql'}}"
+      TYPEORM_USERNAME: "{{ jiskefet_api_general_settings.TYPEORM_USERNAME if ((jiskefet_api_general_settings.TYPEORM_USERNAME is defined) and (jiskefet_api_general_settings.TYPEORM_USERNAME | trim != '')) else 'jiskefet'}}"
+      TYPEORM_PASSWORD: "{{ jiskefet_api_general_settings.TYPEORM_PASSWORD if ((jiskefet_api_general_settings.TYPEORM_PASSWORD is defined) and (jiskefet_api_general_settings.TYPEORM_PASSWORD | trim != '')) else 'abd1516812'}}"
       TYPEORM_PORT: "{{ jiskefet_api_general_settings.TYPEORM_PORT if ((jiskefet_api_general_settings.TYPEORM_PORT is defined) and (jiskefet_api_general_settings.TYPEORM_PORT | trim != '')) else 3306}}"
       TYPEORM_SYNCHRONIZE: "{{ jiskefet_api_general_settings.TYPEORM_SYNCHRONIZE if ((jiskefet_api_general_settings.TYPEORM_SYNCHRONIZE is defined) and (jiskefet_api_general_settings.TYPEORM_SYNCHRONIZE | trim != '')) else 'true'}}"
       TYPEORM_LOGGING: "{{ jiskefet_api_general_settings.TYPEORM_LOGGING if ((jiskefet_api_general_settings.TYPEORM_LOGGING is defined) and (jiskefet_api_general_settings.TYPEORM_LOGGING | trim != '')) else 'false'}}" 
@@ -62,10 +64,10 @@
       TEST_DB_SYNCHRONIZE: "{{ jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE if ((jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE is defined) and (jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE | trim != '')) else 'true'}}"
       TEST_DB_LOGGING: "{{ jiskefet_api_optional_settings.TEST_DB_LOGGING if ((jiskefet_api_optional_settings.TEST_DB_LOGGING is defined) and (jiskefet_api_optional_settings.TEST_DB_LOGGING | trim != '')) else 'true'}}"
     jiskefet_ui_settings:
-      USE_API_PREFIX: true
+      USE_API_PREFIX: "{{ jiskefet_ui_settings.USE_API_PREFIX if ((jiskefet_ui_settings.USE_API_PREFIX is defined) and (jiskefet_ui_settings.USE_API_PREFIX | trim != '')) else 'true' }}"
       APPLICATION_NAME: "{{ jiskefet_ui_settings.APPLICATION_NAME if ((jiskefet_ui_settings.APPLICATION_NAME is defined) and (jiskefet_ui_settings.APPLICATION_NAME | trim != '')) else '{{ application_name }}' }}"
-      FILE_UPLOAD_LIMIT: "{{ file_upload_limit }}"
-      ALLOW_ANONYMOUS: "{{ jiskefet_ui_settings.ALLOW_ANONYMOUS }}"
+      FILE_UPLOAD_LIMIT: "{{ file_upload_limit }} if ((jiskefet_ui_settings.FILE_UPLOAD_LIMIT is defined) and (jiskefet_ui_settings.FILE_UPLOAD_LIMIT | trim != '')) else '50000' }}"
+      ALLOW_ANONYMOUS: "{{ jiskefet_ui_settings.ALLOW_ANONYMOUS }} if ((jiskefet_ui_settings.ALLOW_ANONYMOUS is defined) and (jiskefet_ui_settings.ALLOW_ANONYMOUS | trim != '')) else 'true' }}"
   delegate_to: "{{ item }}"
   with_items:
     - "{{ groups.all }}"