Provisioning fixes

dreikanter · Jan 10, 2017 · 0af80a7 · 0af80a7
1 parent d58e93f
commit 0af80a7
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 17 deletions.
diff --git a/deploy.yml b/deploy.yml
@@ -5,18 +5,28 @@
   tasks:
     - set_fact:
         new_release_name: "{{ app_name }}-{{ lookup('pipe', 'date -u +%Y%m%d%H%M%S') }}"
-        run_once: yes
+
     - set_fact:
         new_release_path: "{{ releases_path }}/{{ new_release_name }}"
-        run_once: true
+
+    # TODO: Load admin credentials from secure location
+
+    - when: (http_basic_auth_enabled is defined and http_basic_auth_enabled) and (http_basic_auth_user is not defined)
+      set_fact:
+        http_basic_auth_user: "{{ lookup('env', 'http_basic_auth_user') }}"
+
+    - when: (http_basic_auth_enabled is defined and http_basic_auth_enabled) and (http_basic_auth_password is not defined)
+      set_fact:
+        http_basic_auth_password: "{{ lookup('env', 'http_basic_auth_password') }}"
 
 - name: ensure directories structure exists
   hosts:
     - app
     - work
   gather_facts: no
   tasks:
-    - file:
+    - become: yes
+      file:
         path: "{{ item }}"
         state: directory
         owner: "{{ deploy_user }}"

diff --git a/group_vars/all.yml b/group_vars/all.yml
@@ -65,3 +65,5 @@ secrets_vault_private_key_path: "/secrets/secrets_vault_key"
 
 puma_config_file: "{{ app_path }}/config/puma.rb"
 puma_socket: "{{sockets_path}}/puma.sock"
+
+http_basic_auth_enabled: no
diff --git a/inventory/staging b/inventory/staging
@@ -22,3 +22,7 @@ ansible_ssh_private_key_file = /secrets/rails_ansible_staging
 git_branch = master
 rails_env = production
 push_ruby_binaries = yes
+
+http_basic_auth_enabled = yes
+http_basic_auth_user = admin
+http_basic_auth_password = admin
diff --git a/roles/common/tasks/tools.yml b/roles/common/tasks/tools.yml
@@ -21,3 +21,4 @@
     - libcurl3-gnutls
     - libcurl4-openssl-dev
     - libsqlite3-dev
+    - tree
diff --git a/roles/puma/tasks/main.yml b/roles/puma/tasks/main.yml
@@ -14,20 +14,19 @@
 - name: enable and start service
   become: yes
   systemd:
-    name: "{{ puma_service_name }}"
+    name: "puma"
     daemon_reload: yes
     state: restarted
     enabled: true
 
-# # TODO: Lookup for http_basic_auth_* env vars
-# - name: generate .htpasswd
-#   when: (http_basic_auth is defined) and http_basic_auth
-#   htpasswd:
-#     create: yes
-#     state: present
-#     name: "{{ http_basic_auth_name }}"
-#     password: "{{ http_basic_auth_password }}"
-#     path: "{{ app_path }}/config/.htpasswd"
+- name: generate .htpasswd
+  when: (http_basic_auth_enabled is defined) and http_basic_auth_enabled
+  htpasswd:
+    create: yes
+    state: present
+    name: "{{ http_basic_auth_user }}"
+    password: "{{ http_basic_auth_password }}"
+    path: "{{ app_path }}/config/.htpasswd"
 
 - name: ensure nginx site configuration present
   become: yes

diff --git a/roles/puma/templates/puma.service.j2 b/roles/puma/templates/puma.service.j2
@@ -3,7 +3,7 @@
 [Unit]
 Description=Puma HTTP Server
 After=network.target
-Requires={{ puma_service_name }}.socket
+Requires=puma.socket
 
 [Service]
 Type=simple

diff --git a/roles/ruby/tasks/30-build-ruby.yml b/roles/ruby/tasks/30-build-ruby.yml
@@ -20,13 +20,12 @@
   become: yes
   become_user: "{{ deploy_user }}"
   shell: ruby-install --install-dir {{ ruby_path }} ruby {{ ruby_version }} -- --disable-install-rdoc
-  when: (push_ruby_binaries is not defined or not push_ruby_binaries) and (ruby_installed.stat.isdir is not defined)
+  when: (push_ruby_binaries is not defined) or (not push_ruby_binaries) and (ruby_installed.stat.isdir is not defined)
 
 - name: push prebuilt ruby binaries from local machine
   become: yes
   become_user: "{{ deploy_user }}"
-  when: push_ruby_binaries is defined and push_ruby_binaries
-  # and (ruby_installed.stat.isdir is not defined)
+  when: "{{ (push_ruby_binaries is defined) and push_ruby_binaries }}"
   synchronize:
     src: "{{ local_ruby_path }}/"
     dest: "{{ ruby_path }}"