diff --git a/playbooks/binder-trusty/.gitignore b/playbooks/binder-trusty/.gitignore new file mode 100644 index 00000000..ab4b0b42 --- /dev/null +++ b/playbooks/binder-trusty/.gitignore @@ -0,0 +1,3 @@ +/roles +/.vagrant +/src diff --git a/playbooks/binder-trusty/README.md b/playbooks/binder-trusty/README.md new file mode 100644 index 00000000..2d7d3553 --- /dev/null +++ b/playbooks/binder-trusty/README.md @@ -0,0 +1,43 @@ +# AtoM Playbook + +The provided playbook installs AtoM on a local Vagrant virtual machine. + +## Requirements + +- Vagrant 1.8.0 or newer +- Ansible 2.0.0 or newer + +## How to use + +Dowload the Ansible roles + + $ ansible-galaxy install -f -p roles/ -r requirements.yml + +Create the virtual machine and provision it: + + $ vagrant up + +To ssh to the VM, run: + + $ vagrant ssh + +If you want to forward your SSH agent too, run: + + $ vagrant ssh -- -A + +To (re-)provision the VM, using Vagrant: + + $ vagrant provision + +To (re-)provision the VM, using Ansible commands directly: + + $ ansible-playbook singlenode.yml + --inventory-file=".vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory" \ + --user="vagrant" \ + --private-key=".vagrant/machines/atom-local/virtualbox/private_key" \ + --extra-vars="atom_dir=/vagrant/src atom_environment_type=development" \ + --verbose + +To (re-)provision the VM, passing your own arguments to `Ansible`: + + $ ANSIBLE_ARGS="--tags=elasticsearch,percona,memcached,gearman,nginx" vagrant provision diff --git a/playbooks/binder-trusty/Vagrantfile b/playbooks/binder-trusty/Vagrantfile new file mode 100644 index 00000000..8150d1ca --- /dev/null +++ b/playbooks/binder-trusty/Vagrantfile @@ -0,0 +1,53 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! +VAGRANTFILE_API_VERSION = "2" + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + + config.vm.box = ENV.fetch("VAGRANT_BOX", "ubuntu/trusty64") + + { + "binder-local" => { + "ip" => "192.168.168.195", + "memory" => "2048", + "cpus" => "2", + }, + }.each do |short_name, properties| + + # Define guest + config.vm.define short_name do |host| + host.vm.network "private_network", ip: properties.fetch("ip") + host.vm.hostname = "#{short_name}.myapp.dev" + end + + # Set the amount of RAM and virtual CPUs for the virtual machine + config.vm.provider :virtualbox do |vb| + vb.customize ["modifyvm", :id, "--memory", properties.fetch("memory")] + vb.customize ["modifyvm", :id, "--cpus", properties.fetch("cpus")] + end + + end + + config.vm.synced_folder "src/atom", "/usr/share/nginx/atom", create: true + + # Ansible provisioning + config.vm.provision :ansible do |ansible| + ansible.playbook = "./singlenode-qa.yml" + ansible.host_key_checking = false + ansible.extra_vars = { + "atom_user" => "vagrant", + "atom_group" => "vagrant", + "atom_environment_type" => "development", + "atom_flush_data" => "yes", + "elasticsearch_network_bind_host" => "0.0.0.0", + "es_config" => { + "network.host" => "0.0.0.0" + } + } + ansible.verbose = 'v' + ansible.raw_arguments = ENV['ANSIBLE_ARGS'] + end + +end diff --git a/playbooks/binder-trusty/ansible.cfg b/playbooks/binder-trusty/ansible.cfg new file mode 100644 index 00000000..c30e8169 --- /dev/null +++ b/playbooks/binder-trusty/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +nocows=1 diff --git a/playbooks/binder-trusty/requirements.yml b/playbooks/binder-trusty/requirements.yml new file mode 100644 index 00000000..23bd06ce --- /dev/null +++ b/playbooks/binder-trusty/requirements.yml @@ -0,0 +1,40 @@ +--- +- src: "https://github.com/geerlingguy/ansible-role-java" + version: "master" + name: "geerlingguy.java" + path: "roles/" + +- src: "https://github.com/elastic/ansible-elasticsearch" + version: "master" + name: "elastic.elasticsearch" + path: "roles/" + +- src: "https://github.com/artefactual-labs/ansible-elasticsearch" + version: "master" + name: "artefactual.elasticsearch" + path: "roles/" + +- src: "https://github.com/artefactual-labs/ansible-percona" + version: "master" + name: "artefactual.percona" + path: "roles/" + +- src: "https://github.com/artefactual-labs/ansible-memcached" + version: "master" + name: "artefactual.memcached" + path: "roles/" + +- src: "https://github.com/artefactual-labs/ansible-gearman" + version: "master" + name: "artefactual.gearman" + path: "roles/" + +- src: "https://github.com/artefactual-labs/ansible-nginx" + version: "master" + name: "artefactual.nginx" + path: "roles/" + +- src: "https://github.com/artefactual-labs/ansible-atom" + version: "master" + name: "artefactual.atom" + path: "roles/" diff --git a/playbooks/binder-trusty/singlenode-0.8.yml b/playbooks/binder-trusty/singlenode-0.8.yml new file mode 100644 index 00000000..b8aa2673 --- /dev/null +++ b/playbooks/binder-trusty/singlenode-0.8.yml @@ -0,0 +1,40 @@ +--- +- hosts: "binder-local" + + pre_tasks: + + - include_vars: "vars-singlenode-0.8.yml" + tags: + - "always" + + roles: + + - role: "artefactual.elasticsearch" + become: "yes" + tags: + - "elasticsearch" + + - role: "artefactual.percona" + become: "yes" + tags: + - "percona" + + - role: "artefactual.memcached" + become: "yes" + tags: + - "memcached" + + - role: "artefactual.gearman" + become: "yes" + tags: + - "gearman" + + - role: "artefactual.nginx" + become: "yes" + tags: + - "nginx" + + - role: "artefactual.atom" + become: "yes" + tags: + - "atom" diff --git a/playbooks/binder-trusty/singlenode-qa.yml b/playbooks/binder-trusty/singlenode-qa.yml new file mode 100644 index 00000000..bdc04e40 --- /dev/null +++ b/playbooks/binder-trusty/singlenode-qa.yml @@ -0,0 +1,52 @@ +--- +- hosts: "binder-local" + + pre_tasks: + + - include_vars: "vars-singlenode-qa.yml" + tags: + - "always" + + - name: "Installing PPA for Java 8" + apt_repository: + repo: "ppa:openjdk-r/ppa" + become: "yes" + tags: + - "always" + + roles: + + - role: "geerlingguy.java" + become: "yes" + tags: + - "java" + + - role: "elastic.elasticsearch" + become: "yes" + tags: + - "elasticsearch" + + - role: "artefactual.percona" + become: "yes" + tags: + - "percona" + + - role: "artefactual.memcached" + become: "yes" + tags: + - "memcached" + + - role: "artefactual.gearman" + become: "yes" + tags: + - "gearman" + + - role: "artefactual.nginx" + become: "yes" + tags: + - "nginx" + + - role: "artefactual.atom" + become: "yes" + tags: + - "atom" diff --git a/playbooks/binder-trusty/vars-singlenode-0.8.yml b/playbooks/binder-trusty/vars-singlenode-0.8.yml new file mode 100644 index 00000000..2eee1ea4 --- /dev/null +++ b/playbooks/binder-trusty/vars-singlenode-0.8.yml @@ -0,0 +1,119 @@ +--- + +# PLEASE NOTE THAT THE PASSWORD VALUES USED HERE ARE NOT SAFE + +# +# atom role +# + +atom_path: "/usr/share/nginx/atom" +atom_repository_url: "https://github.com/artefactual/binder.git" +atom_repository_version: "stable/0.8.x" +atom_config_db_hostname: "127.0.0.1" +atom_config_db_name: "atom" +atom_config_db_username: "atom-user" +atom_config_db_password: "ATOMPASSWORD" +atom_config_db_port: "3306" +atom_es_host: "127.0.0.1" +atom_es_port: "9200" +atom_es_batch_size: "100" +atom_es_config_version: "2.1" +atom_mysql_user_name: "atom-user" +atom_mysql_user_pass: "ATOMPASSWORD" +atom_mysql_user_priv: "atom.*:ALL,GRANT" +atom_mysql_user_host: "%" +atom_drmc: "yes" +atom_drmc_es_scripts: "yes" +atom_worker_old_config: "yes" +atom_pool_php_envs: + ATOM_DRMC_TMS_URL: "http://artefactual.mockable.io/tms" + ARCHIVEMATICA_SS_HOST: "192.168.168.192" + ARCHIVEMATICA_SS_PORT: "8000" + ARCHIVEMATICA_SS_PIPELINE_UUID: "CHANGE_ME" + ARCHIVEMATICA_SS_USER: "test" + ARCHIVEMATICA_SS_API_KEY: "CHANGE_ME" + +# +# nginx role +# + +nginx_configs: + atom_backend: + - upstream atom { + server unix:/var/run/php-fpm.atom.sock; + } + +nginx_sites: + atom: + - listen 80 + - set $atom_path {{ atom_path }} + - root $atom_path + - server_name _ + - client_max_body_size 72M + - location /api/docs { + index index.html; + alias $atom_path/plugins/arDrmcPlugin/frontend/docs/build/html; + } + - set $alt_request_uri $request_uri + - location /drmc/ { + error_page 404 = @drmc; + log_not_found off; + set $alt_request_uri /drmc/index; + } + - location @drmc { + rewrite ^/drmc/(.*)$ /index.php last; + } + - location / { + try_files $uri /index.php?$args; + } + - location ~ /\. { + deny all; + return 404; + } + - location ~* (\.yml|\.ini|\.tmpl)$ { + deny all; + return 404; + } + - location ~* /(?:uploads|files)/.*\.php$ { + deny all; + return 404; + } + - location ~ ^/(index|qubit_dev)\.php(/|$) { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param REQUEST_URI $alt_request_uri; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_pass atom; + } + - location ~* \.php$ { + deny all; + return 404; + } + +# +# elasticsearch role +# + +elasticsearch_version: "1.7.6" +elasticsearch_heap_size: "1g" + +# +# percona role +# + +mysql_version_major: "5" +mysql_version_minor: "5" + +mysql_databases: + - name: "atom" + collation: "utf8_general_ci" + encoding: "utf8" + +mysql_users: + - name: "{{ atom_mysql_user_name }}" + pass: "{{ atom_mysql_user_pass }}" + priv: "{{ atom_mysql_user_priv }}" + host: "{{ atom_mysql_user_host }}" + +mysql_root_password: "MYSQLROOTPASSWORD" +mysql_bind_address: "0.0.0.0" diff --git a/playbooks/binder-trusty/vars-singlenode-qa.yml b/playbooks/binder-trusty/vars-singlenode-qa.yml new file mode 100644 index 00000000..d362864f --- /dev/null +++ b/playbooks/binder-trusty/vars-singlenode-qa.yml @@ -0,0 +1,131 @@ +--- + +# PLEASE NOTE THAT THE PASSWORD VALUES USED HERE ARE NOT SAFE + +# +# atom role +# + +atom_path: "/usr/share/nginx/atom" +atom_repository_url: "https://github.com/artefactual/binder.git" +atom_repository_version: "qa/0.9.x" +atom_config_db_hostname: "127.0.0.1" +atom_config_db_name: "atom" +atom_config_db_username: "atom-user" +atom_config_db_password: "ATOMPASSWORD" +atom_config_db_port: "3306" +atom_es_host: "127.0.0.1" +atom_es_port: "9200" +atom_es_batch_size: "100" +atom_es_fields_limit: "6000" +atom_es_config_version: "2.5" +atom_mysql_user_name: "atom-user" +atom_mysql_user_pass: "ATOMPASSWORD" +atom_mysql_user_priv: "atom.*:ALL,GRANT" +atom_mysql_user_host: "%" +atom_drmc: "yes" +atom_drmc_es_scripts: "no" +atom_worker_old_config: "yes" +atom_pool_php_envs: + ATOM_DRMC_TMS_URL: "http://artefactual.mockable.io/tms" + ARCHIVEMATICA_SS_HOST: "192.168.168.192" + ARCHIVEMATICA_SS_PORT: "8000" + ARCHIVEMATICA_SS_PIPELINE_UUID: "CHANGE_ME" + ARCHIVEMATICA_SS_USER: "test" + ARCHIVEMATICA_SS_API_KEY: "CHANGE_ME" + +# +# nginx role +# + +nginx_configs: + atom_backend: + - upstream atom { + server unix:/var/run/php-fpm.atom.sock; + } + +nginx_sites: + atom: + - listen 80 + - set $atom_path {{ atom_path }} + - root $atom_path + - server_name _ + - client_max_body_size 72M + - location /api/docs { + index index.html; + alias $atom_path/plugins/arDrmcPlugin/frontend/docs/build/html; + } + - set $alt_request_uri $request_uri + - location /drmc/ { + error_page 404 = @drmc; + log_not_found off; + set $alt_request_uri /drmc/index; + } + - location @drmc { + rewrite ^/drmc/(.*)$ /index.php last; + } + - location / { + try_files $uri /index.php?$args; + } + - location ~ /\. { + deny all; + return 404; + } + - location ~* (\.yml|\.ini|\.tmpl)$ { + deny all; + return 404; + } + - location ~* /(?:uploads|files)/.*\.php$ { + deny all; + return 404; + } + - location ~ ^/(index|qubit_dev)\.php(/|$) { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param REQUEST_URI $alt_request_uri; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_pass atom; + } + - location ~* \.php$ { + deny all; + return 404; + } + +# +# java role +# + +java_packages: + - openjdk-8-jdk + +# +# elasticsearch role +# + +es_java_install: false +es_instance_name: "atom_node" +es_heap_size: "1g" +es_allow_downgrades: true +es_major_version: "5.x" +es_version: "5.6.9" + +# +# percona role +# + +mysql_version_major: "5" +mysql_version_minor: "5" + +mysql_databases: + - name: "atom" + collation: "utf8_general_ci" + encoding: "utf8" + +mysql_users: + - name: "{{ atom_mysql_user_name }}" + pass: "{{ atom_mysql_user_pass }}" + priv: "{{ atom_mysql_user_priv }}" + host: "{{ atom_mysql_user_host }}" + +mysql_root_password: "MYSQLROOTPASSWORD" +mysql_bind_address: "0.0.0.0"