From 6827312718d1c9df17698e36adee360e9037ae14 Mon Sep 17 00:00:00 2001
From: Kaitlyn Parkhurst
Date: Sat, 19 Nov 2022 22:47:24 -0800
Subject: [PATCH] Build server no longer uses ansible.
---
.../files/ansible/deploy-website.yml | 10 ---
.../files/ansible/purge-website.yml | 9 ---
.../roles/deploy-website/tasks/main.yml | 29 --------
.../templates/lighttpd-conf-domain.j2 | 22 ------
.../templates/markdownsite-config.yml.j2 | 3 -
.../templates/sites-available-config.j2 | 36 ----------
.../roles/purge-website/tasks/main.yml | 15 ----
.../mjb-profile-buildserver/tasks/ansible.yml | 71 -------------------
8 files changed, 195 deletions(-)
delete mode 100644 devops/ansible/roles/mjb-profile-buildserver/files/ansible/deploy-website.yml
delete mode 100644 devops/ansible/roles/mjb-profile-buildserver/files/ansible/purge-website.yml
delete mode 100644 devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/tasks/main.yml
delete mode 100644 devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/lighttpd-conf-domain.j2
delete mode 100644 devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/markdownsite-config.yml.j2
delete mode 100644 devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/sites-available-config.j2
delete mode 100644 devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/purge-website/tasks/main.yml
delete mode 100644 devops/ansible/roles/mjb-profile-buildserver/tasks/ansible.yml
diff --git a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/deploy-website.yml b/devops/ansible/roles/mjb-profile-buildserver/files/ansible/deploy-website.yml
deleted file mode 100644
index a43cd12..0000000
--- a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/deploy-website.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- name: Deploy Website
- remote_user: root
- hosts: all
- vars:
- ansible_ssh_common_args: -oControlMaster=auto -oControlPersist=60s -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -i/home/minion/.ssh/id_rsa_ansible
- site: "{{ lookup('file', lookup('env', 'MARKDOWNSITE_CONFIG') ) | from_yaml }}"
- roles:
- - deploy-website
diff --git a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/purge-website.yml b/devops/ansible/roles/mjb-profile-buildserver/files/ansible/purge-website.yml
deleted file mode 100644
index f5ce454..0000000
--- a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/purge-website.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-
-- name: Deploy Website
- remote_user: root
- hosts: all
- vars:
- ansible_ssh_common_args: -oControlMaster=auto -oControlPersist=60s -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -i/home/minion/.ssh/id_rsa_ansible
- roles:
- - purge-website
diff --git a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/tasks/main.yml b/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/tasks/main.yml
deleted file mode 100644
index 7fe61a5..0000000
--- a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/tasks/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-- name: Install /etc/nginx/sites-enabled/{{ site.domain }}
- template:
- src: "{{ role_path }}/templates/sites-available-config.j2"
- dest: "/etc/nginx/sites-enabled/{{ site.domain }}"
- owner: root
- group: root
- mode: '0644'
- ignore_errors: yes # Custom config with chattr +i, don't fail on error.
-
-- name: Remove any prexisting /var/www/{{ site.domain }}.
- file:
- path: "/var/www/{{ site.domain }}"
- state: absent
-
-- name: Ensure /var/www/{{ site.domain }} is populated.
- copy:
- src: "{{ site.www_dir }}"
- dest: "/var/www/{{ site.domain }}"
- mode: '0644'
- directory_mode: '0755'
- owner: 'www-data'
- group: 'www-data'
-
-- name: Reload nginx to begin serving the website.
- systemd:
- name: nginx
- state: reloaded
-
diff --git a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/lighttpd-conf-domain.j2 b/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/lighttpd-conf-domain.j2
deleted file mode 100644
index b623ba0..0000000
--- a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/lighttpd-conf-domain.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-$HTTP["host"] =~ "^{% raw %}{{ site.domain }}{% endraw %}$" {
- $SERVER["socket"] == ":443" {
- # SSL Settings
- ssl.engine = "enable"
- ssl.pemfile = "/etc/letsencrypt/live/{{ domain.hosted }}/cert.pem"
- ssl.ca-file = "/etc/letsencrypt/live/{{ domain.hosted }}/fullchain.pem"
- ssl.privkey = "/etc/letsencrypt/live/{{ domain.hosted }}/privkey.pem"
-
- # Docroot & Logs.
- server.document-root = "/var/www/{% raw %}{{ site.domain }}{% endraw %}/html"
- server.errorlog = "/var/log/lighttpd/{% raw %}{{ site.domain }}{% endraw %}.error.log"
- accesslog.filename = "/var/log/lighttpd/{% raw %}{{ site.domain }}{% endraw %}.access.log"
-
- # Pass to Markdown::CGI if there is no static file to serve.
- magnet.attract-physical-path-to = ( "/etc/lighttpd/rewrite.lua" )
- }
-
- # Redirect http -> https
- $SERVER["socket"] == ":80" {
- url.redirect = ( "^/(.*)" => "https://{% raw %}{{ site.domain }}{% endraw %}/$1" )
- }
-}
diff --git a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/markdownsite-config.yml.j2 b/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/markdownsite-config.yml.j2
deleted file mode 100644
index 7a3f6cb..0000000
--- a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/markdownsite-config.yml.j2
+++ /dev/null
@@ -1,3 +0,0 @@
----
-domain: {{ site.domain }}
-
diff --git a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/sites-available-config.j2 b/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/sites-available-config.j2
deleted file mode 100644
index 7641a21..0000000
--- a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/deploy-website/templates/sites-available-config.j2
+++ /dev/null
@@ -1,36 +0,0 @@
-server {
- server_name {{ site.domain }};
- root /var/www/{{ site.domain }}/html;
- index index.html;
-
- error_log /var/log/nginx/{{ site.domain }}symkat.com.error.log warn;
- access_log /var/log/nginx/{{ site.domain }}symkat.com.access.log combined;
-
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/{{ site.domain }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ site.domain }}/privkey.pem;
-
- ssl_session_cache shared:le_nginx_SSL:10m;
- ssl_session_timeout 1440m;
- ssl_session_tickets off;
-
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers off;
-
- ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
-
- ssl_dhparam /etc/nginx/ssl-dhparams.pem;
-
-}
-
-server {
- if ($host = {{ site.domain }}) {
- return 301 https://$host$request_uri;
- }
-
- listen 80;
- server_name {{ site.domain }}
- return 404;
-}
-
-
diff --git a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/purge-website/tasks/main.yml b/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/purge-website/tasks/main.yml
deleted file mode 100644
index 3f8e65b..0000000
--- a/devops/ansible/roles/mjb-profile-buildserver/files/ansible/roles/purge-website/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: "Remove /etc/lighttpd/conf.d/{{ domain }}."
- file:
- path: "/etc/lighttpd/conf.d/{{ domain }}"
- state: absent
-
-- name: "Remove any prexisting /var/www/{{ domain }}."
- file:
- path: "/var/www/{{ domain }}"
- state: absent
-
-- name: "Reload lighttpd to stop serving {{ domain }}."
- systemd:
- name: lighttpd
- state: reloaded
diff --git a/devops/ansible/roles/mjb-profile-buildserver/tasks/ansible.yml b/devops/ansible/roles/mjb-profile-buildserver/tasks/ansible.yml
deleted file mode 100644
index 7c0dfec..0000000
--- a/devops/ansible/roles/mjb-profile-buildserver/tasks/ansible.yml
+++ /dev/null
@@ -1,71 +0,0 @@
-- name: Install packages
- apt:
- name: [ 'gnupg2', 'curl', 'rsync' ]
-
-- name: Add the ansible key.
- apt_key:
- keyserver: keyserver.ubuntu.com
- id: 93C4A3FD7BB9C367
-
-- name: Install ansible.list for apt.
- copy:
- dest: /etc/apt/sources.list.d/ansible.list
- content: "deb http://ppa.launchpad.net/ansible/ansible/ubuntu focal main"
- owner: root
- group: root
- mode: 0755
-
-- name: Reload apt with new source
- apt:
- name: "*"
- state: latest
- update_cache: yes
-
-- name: Install packages
- apt:
- name: [
- 'ansible',
- 'ansible-core',
- 'podman',
- ]
- state: present
-
-- name: Install ansible roles for deployment
- copy:
- src: "{{ role_path }}/files/ansible/"
- dest: "/etc/ansible"
- mode: '0644'
- directory_mode: '0755'
- owner: 'root'
- group: 'root'
-
-- name: "Delete /etc/ansible/hosts."
- file:
- path: /etc/ansible/hosts
- state: absent
-
-- name: "Create /etc/ansible/hosts."
- copy:
- dest: /etc/ansible/hosts
- content: "[webservers]"
- owner: root
- group: root
- mode: 0644
-
-- name: "Add hosts to /etc/ansible/hosts"
- lineinfile:
- path: /etc/ansible/hosts
- line: "{{ item }}"
- owner: root
- group: root
- mode: '0644'
- with_items: "{{ deploy_addresses }}"
-
-- name: "Install SSH Key for manager to use ansible"
- copy:
- dest: /home/manager/.ssh/id_rsa
- src: "{{ inventory_dir }}/files/ssh/id_rsa"
- owner: manager
- group: manager
- mode: 0600
-