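---
# Install OMERO.web with a public user on localhost
# To allow the OMERO.webapps to upgrade, pass `--extra-vars upgrade_webapps=True`
# to ansible-playbook on the command line.
#
# Play outline: pre_tasks choose the pip state used for the web plugins, the
# roles size the root LV and install OMERO.web, the monitoring agent and the
# TLS certificate, and post_tasks install the plugins and edit the NGINX
# configuration.

- hosts: ns-webclients

  pre_tasks:
    # Set desired state of webapps (upgrade v.s. install/keep current version)
    - name: OMERO.web plugin upgrade | set default state "installed"
      set_fact:
        webapps_state: present

    # `| bool` accepts the documented string "True" from --extra-vars as well
    # as a real boolean passed as JSON/YAML extra vars; an undefined variable
    # falls back to false, so the default state above is kept.
    - name: OMERO.web plugin upgrade | if --extra-vars upgrade_webapps == True, allow web plugin(s) to upgrade.
      set_fact:
        webapps_state: latest
      when: upgrade_webapps | default(false) | bool

  roles:
    # Root LV Size
    - role: openmicroscopy.lvm-partition
      tags: lvm
      lvm_lvname: "{{ provision_root_lvname }}"
      lvm_vgname: "{{ provision_root_vgname }}"
      lvm_lvmount: /
      lvm_lvsize: "{{ provision_rootsize }}"
      lvm_lvfilesystem: "{{ provision_root_filesystem }}"

    # OMERO.web configuration in host_vars in different repository
    - role: openmicroscopy.omero-web
      # Quoted so the release is always read as a string.
      # NOTE(review): the release is pinned here, so security updates only
      # arrive when this value is edited - check it against upstream advisories.
      omero_web_release: "5.4.9"
      omero_web_systemd_limit_nofile: 16384

    # Now OME are using RHEL without Spacewalk, the current best-method of
    # checking `is server deployed in Dundee/SLS` is checking for the SLS nameservers.
    - role: openmicroscopy.system-monitor-agent
      when: "'10.1.255.216' in ansible_dns.nameservers"

    - role: openmicroscopy.ssl-certificate
      # Configuration for this role in `vars`

  post_tasks:
    # NOTE(review): apart from the optional omero_figure_version_req suffix,
    # the plugin packages in the two pip tasks below are unpinned, so pip
    # (run under `become`) installs whatever the index serves at run time, and
    # webapps_state=latest re-resolves that on every run. Pinning versions
    # would make plugin upgrades reviewable.
    - name: Omero.web plugins | plugin install via pip & pypi
      become: true
      pip:
        name:
          - "omero-figure{{ omero_figure_version_req | default('') }}"
          - "omero-webtagging-autotag"
          - "omero-webtagging-tagsearch"
        editable: false
        state: "{{ webapps_state }}"
        # variable comes from role openmicroscopy.omero-web
        virtualenv: "{{ omero_web_basedir }}/venv"
        virtualenv_site_packages: true
      notify:
        - restart omero-web

    # Extra plugins, only on hosts whose inventory name contains
    # ns-web.openmicroscopy.org.
    - name: Omero.web plugins | plugin install via pip & pypi
      become: true
      pip:
        name:
          - "omero-fpbioimage"
          - "omero-iviewer"
          - "omero-parade"
        editable: false
        state: "{{ webapps_state }}"
        # variable comes from role openmicroscopy.omero-web
        virtualenv: "{{ omero_web_basedir }}/venv"
        virtualenv_site_packages: true
      when: "'ns-web.openmicroscopy.org' in inventory_hostname"
      notify:
        - restart omero-web

    - name: Install open-vm-tools if system is a VMware vm
      become: true
      yum:
        name: open-vm-tools
        state: present
      when: >
        ((ansible_virtualization_type is defined)
        and (ansible_virtualization_type == "VMware"))

    # (Total cores / 2), leaving some for WSGI
    # The `[..., 1] | max` floor keeps a single-core host from being given
    # `worker_processes 0;`, which the bare halving can produce.
    # NOTE(review): the regexp only matches a numeric value; a
    # `worker_processes auto;` line would be left untouched.
    - name: NGINX - Performance tuning - worker processes
      become: true
      replace:
        path: "/etc/nginx/nginx.conf"
        regexp: '^worker_processes\s+\d+;'
        replace: "worker_processes {{ [((ansible_processor_count * ansible_processor_cores) / 2) | round | int, 1] | max }};"

    # cf https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration
    - name: NGINX - Performance tuning - worker connections
      become: true
      replace:
        path: "/etc/nginx/nginx.conf"
        regexp: 'worker_connections\s+\d+;'
        replace: "worker_connections 65000;"

    # TODO: Move this to /etc/nginx/conf.d-nested-includes/omero-web-ssl.conf
    - name: NGINX - SSL Configuration - Additional listen port
      become: true
      lineinfile:
        path: /etc/nginx/conf.d/omero-web.conf
        insertafter: ' listen 80;'
        line: ' listen 443 ssl;'

    # TODO: Move this to /etc/nginx/conf.d-nested-includes/omero-web-ssl.conf
    # `|2` fixes the block scalar's indentation at two columns, so the deeper
    # indentation of the lines below is kept in the inserted text.
    # NOTE(review): the ssl_protocols line has no terminating `;` in the block
    # itself - confirm nginx_ssl_protocols (defined outside this file) supplies
    # it, and that it lists only the protocol versions you still want to offer.
    # NOTE(review): the HTTP to HTTPS redirect is built from $host, which NGINX
    # takes from the request; a fixed hostname would keep the redirect target
    # out of the client's control.
    - name: NGINX - SSL Configuration - Rest of SSL section to omero-web.conf
      become: true
      blockinfile:
        path: /etc/nginx/conf.d/omero-web.conf
        insertbefore: '.*sendfile.*'
        block: |2+
              ssl_certificate {{ ssl_certificate_bundled_path }};
              ssl_certificate_key {{ ssl_certificate_key_path }};
              ssl_protocols {{ nginx_ssl_protocols }}
              if ($ssl_protocol = "") {
                  rewrite ^/(.*) https://$host/$1 permanent;
              }
      notify:
        - restart nginx

    # NOTE(review): no owner or mode is set here. Every *.conf in this
    # directory is included into the server block by the next task, so it
    # should be writable by root only - confirm on the target hosts.
    - name: NGINX - create nested includes directory
      become: true
      file:
        path: /etc/nginx/conf.d-nested-includes
        state: directory

    - name: NGINX - omero-web.conf nested includes
      become: true
      lineinfile:
        path: /etc/nginx/conf.d/omero-web.conf
        insertafter: 'server {'
        line: ' include /etc/nginx/conf.d-nested-includes/*.conf;'
      notify:
        - restart nginx

    # Config for OMERO.web plugins, loaded into OMERO.web by the
    # omero.web systemd restart.
    # NOTE(review): mode u=rw,go=r leaves the rendered file world-readable -
    # confirm the template carries no credentials.
    - name: Omero.web plugins | webapps config (ns-web)
      become: true
      template:
        src: templates/omero-web-config-for-webapps.j2
        dest: "{{ omero_web_basedir }}/config/omero-web-config-for-webapps.omero"
        owner: "root"
        group: "root"
        mode: "u=rw,go=r"
      when: "'ns-web.openmicroscopy.org' in inventory_hostname"
      notify:
        - restart omero-web

    # Config for OMERO.web plugins, loaded into OMERO.web by the
    # omero.web systemd restart.
    # NOTE(review): mode u=rw,go=r leaves the rendered file world-readable -
    # confirm the template carries no credentials.
    - name: Omero.web plugins | webapps config (ns-web-pub)
      become: true
      template:
        src: templates/omero-web-config-for-webapps_ns-web-pub.j2
        dest: "{{ omero_web_basedir }}/config/omero-web-config-for-webapps.omero"
        owner: "root"
        group: "root"
        mode: "u=rw,go=r"
      when: "'ns-web-pub.openmicroscopy.org' in inventory_hostname"
      notify:
        - restart omero-web

    # The redirect target is a fixed path, so nothing from the request ends up
    # in the Location header.
    - name: NGINX - Configuration - Custom Paper Redirect
      tags: redirect
      become: true
      blockinfile:
        marker: "# {mark} ANSIBLE MANAGED BLOCK - Custom Redirects"
        path: /etc/nginx/conf.d/omero-web.conf
        # Before last line in conf file
        insertbefore: '^\}$'
        block: |2+
              location /pub/schleicher-et-al-2017 {
                  return 307 /webclient/?show=project-27936;
              }
      when: "'ns-web-pub.openmicroscopy.org' in inventory_hostname"
      notify:
        - restart nginx

  vars:
    # Host-level settings override group-level ones (combine: right side wins).
    omero_web_config_set: "{{ omero_web_config_set_for_group | combine(omero_web_config_set_for_host) }}"
    # Server path to SSL public certificate
    ssl_certificate_public_path: /etc/nginx/ssl/server.crt
    # Server path to SSL intermediate certificate(s)
    ssl_certificate_intermediate_path: /etc/nginx/ssl/intermediate.crt
    # Server path to SSL bundled public and intermediate certificates
    ssl_certificate_bundled_path: /etc/nginx/ssl/bundled.crt
    # Server path to SSL certificate key
    # NOTE(review): this play sets no ownership or mode on the key; presumably
    # the ssl-certificate role does - verify the key is readable by root only.
    ssl_certificate_key_path: /etc/nginx/ssl/server.key
    # Server path to SSL combined certificate and key, set to empty to disable
    ssl_certificate_combined_path: ''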