From 399fa7f8432dd38411b0576c5f87efb48a27a616 Mon Sep 17 00:00:00 2001 From: Miguel Angel Date: Thu, 6 Aug 2020 21:51:07 +0200 Subject: [PATCH 1/7] Use a different revision dir for every site update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the `atom_revision_directory` variable is set to `yes`, a new `$atom_path/atom-COMMIT_ID` directory is created for every update and a `$atom_path/$atom_revision_directory_latest_symlink_dir` symlink is created pointing to the latest revision dir. For instance: ``` /usr/share/nginx/atom ├── atom-0134577b6ecd763dedf82a7eee4ddc35043c5345 ├── atom-1234567b6ecd763dedf92a7bad4ddc35043c5438 ├── atom-381f849b6ecd763dedf92a7bad43cc350a3c5439 ├── downloads ├── private -> /usr/share/nginx/atom/src ├── src -> /usr/share/nginx/atom/atom-381f849b6ecd763dedf92a7bad43cc350a3c5439 └── uploads ``` --- README.md | 20 +++++++++ defaults/main.yml | 9 ++-- handlers/main.yml | 2 +- tasks/basic.yml | 42 +++++++++--------- tasks/build.yml | 4 +- tasks/drmc-mock.yml | 6 +-- tasks/flush.yml | 10 ++--- tasks/main.yml | 44 +++++++++++++++++++ tasks/plugins.yml | 8 ++-- tasks/revision-dir.yml | 32 ++++++++++++++ tasks/search.yml | 2 +- tasks/symlink-dirs.yml | 13 ++++++ tasks/uploads-dir.yml | 6 +-- templates/etc/init/atom-worker.conf | 6 +++ templates/etc/init/drmc-mock.conf | 4 ++ .../lib/systemd/system/atom-worker.service | 4 ++ 16 files changed, 169 insertions(+), 43 deletions(-) create mode 100644 tasks/revision-dir.yml create mode 100644 tasks/symlink-dirs.yml diff --git a/README.md b/README.md index 4dc2ab3..6638772 100644 --- a/README.md +++ b/README.md @@ -101,3 +101,23 @@ as `atom-site` in the role (i.e., tasks required to deploy a site) and skip the tasks that are required only once per host deploy. The database and user for the new site will also need to be configured in the database server if not done already. + +## Use a different revision dir for every site update + +When the `atom_revision_directory` variable is set to `yes`, a new +`$atom_path/atom-COMMIT_ID` directory is created for every update and a +`$atom_path/$atom_revision_directory_latest_symlink_dir` symlink is created +pointing to the latest revision dir. + +For instance: + +``` +/usr/share/nginx/atom +├── atom-0134577b6ecd763dedf82a7eee4ddc35043c5345 +├── atom-1234567b6ecd763dedf92a7bad4ddc35043c5438 +├── atom-381f849b6ecd763dedf92a7bad43cc350a3c5439 +├── downloads +├── private -> /usr/share/nginx/atom/src +├── src -> /usr/share/nginx/atom/atom-381f849b6ecd763dedf92a7bad43cc350a3c5439 +└── uploads +``` diff --git a/defaults/main.yml b/defaults/main.yml index 7289ad3..6c2954f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -15,6 +15,9 @@ atom_install_dependencies: "true" # Install some extra packages specific to our official Vagrant-based # development box. See `tasks/devbox.yml` for more details. atom_devbox: "no" +# Use a different AtoM directory for each revision +atom_revision_directory: "no" +atom_revision_directory_latest_symlink_dir: "src" # # Choose php version to use @@ -50,9 +53,9 @@ atom_build_static_assets: "yes" # Themes (to build) atom_themes: - - path: "{{ atom_path }}/plugins/arDominionPlugin" + - path: "{{ atom_path }}/{{ atom_extra_path }}/plugins/arDominionPlugin" build_cmd: "make" - - path: "{{ atom_path }}/plugins/arArchivesCanadaPlugin" + - path: "{{ atom_path }}/{{ atom_extra_path }}/plugins/arArchivesCanadaPlugin" build_cmd: "make" # Plug-ins @@ -204,7 +207,7 @@ atom_pool_php_envs: # atom_drmc: "no" -atom_drmc_path: "{{ atom_path }}/plugins/arDrmcPlugin/frontend" +atom_drmc_path: "{{ atom_path }}/{{ atom_extra_path }}/plugins/arDrmcPlugin/frontend" # Install Mock API atom_drmc_mock: "no" # Copy ES plugins to /etc/elasticsearch diff --git a/handlers/main.yml b/handlers/main.yml index c8ffb0d..5f34c50 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -29,7 +29,7 @@ - name: "Clear sf_cache" shell: "php symfony cc" args: - chdir: "{{ atom_path }}" + chdir: "{{ atom_path }}/{{ atom_extra_path }}" become_user: "{{ atom_user }}" environment: - "{{ atom_pool_php_envs }}" diff --git a/tasks/basic.yml b/tasks/basic.yml index 49071e3..227923a 100644 --- a/tasks/basic.yml +++ b/tasks/basic.yml @@ -10,24 +10,24 @@ - name: "Create site directory if it doesn't exist'" file: - path: "{{ atom_path }}" + path: "{{ atom_path }}/{{ atom_extra_path }}" state: "directory" owner: "{{ atom_user }}" group: "{{ atom_group }}" mode: "u=rwx,g=rwx,o=rx" - name: "Cleanup cache/ directory" - command: "rm -rf {{ atom_path }}/cache/*" + command: "rm -rf {{ atom_path }}/{{ atom_extra_path }}/cache/*" - name: "Temporarily delete uploads symlink to avoid long waits on recursive chmod" file: state: "absent" - path: "{{ atom_path }}/uploads" + path: "{{ atom_path }}/{{ atom_extra_path }}/uploads" when: "atom_uploads_symlink is defined" - name: "Temporarily change permissions of site directory to be able to clone repo" file: - path: "{{ atom_path }}" + path: "{{ atom_path }}/{{ atom_extra_path }}" state: "directory" mode: "o+w" recurse: yes @@ -37,7 +37,7 @@ update: "yes" repo: "{{ atom_repository_url }}" version: "{{ atom_repository_version }}" - dest: "{{ atom_path }}" + dest: "{{ atom_path }}/{{ atom_extra_path }}" accept_hostkey: "yes" notify: - "Clear sf_cache" @@ -46,7 +46,7 @@ - name: "Restore permissions and fix ownership of site directory" file: - path: "{{ atom_path }}" + path: "{{ atom_path }}/{{ atom_extra_path }}" state: "directory" owner: "{{ atom_user }}" group: "{{ atom_group }}" @@ -55,7 +55,7 @@ - name: "Create log directory" file: - path: "{{ atom_path }}/log" + path: "{{ atom_path }}/{{ atom_extra_path }}/log" state: "directory" owner: "{{ atom_user }}" group: "{{ atom_group }}" @@ -70,19 +70,19 @@ backup: "yes" with_items: - src: "{{ atom_template_config_php }}" - dest: "{{ atom_path }}/config/config.php" + dest: "{{ atom_path }}/{{ atom_extra_path }}/config/config.php" - src: "{{ atom_template_propel_ini }}" - dest: "{{ atom_path }}/config/propel.ini" + dest: "{{ atom_path }}/{{ atom_extra_path }}/config/propel.ini" - src: "{{ atom_template_app_yml }}" - dest: "{{ atom_path }}/apps/qubit/config/app.yml" + dest: "{{ atom_path }}/{{ atom_extra_path }}/apps/qubit/config/app.yml" - src: "{{ atom_template_factories_yml }}" - dest: "{{ atom_path }}/apps/qubit/config/factories.yml" + dest: "{{ atom_path }}/{{ atom_extra_path }}/apps/qubit/config/factories.yml" - src: "{{ atom_template_settings_yml }}" - dest: "{{ atom_path }}/apps/qubit/config/settings.yml" + dest: "{{ atom_path }}/{{ atom_extra_path }}/apps/qubit/config/settings.yml" - src: "{{ atom_template_gearman_yml }}" - dest: "{{ atom_path }}/apps/qubit/config/gearman.yml" + dest: "{{ atom_path }}/{{ atom_extra_path }}/apps/qubit/config/gearman.yml" - src: "{{ atom_template_search_yml }}" - dest: "{{ atom_path }}/apps/qubit/config/search.yml" + dest: "{{ atom_path }}/{{ atom_extra_path }}/apps/qubit/config/search.yml" notify: - "Clear sf_cache" - "Reload PHP service" @@ -90,8 +90,8 @@ - name: "Install sf symlink" file: state: "link" - src: "{{ atom_path }}/vendor/symfony/data/web/sf" - path: "{{ atom_path }}/sf" + src: "{{ atom_path }}/{{ atom_extra_path }}/vendor/symfony/data/web/sf" + path: "{{ atom_path }}/{{ atom_extra_path }}/sf" owner: "{{ atom_user }}" group: "{{ atom_group }}" @@ -107,13 +107,13 @@ - name: "Check if the composer.lock file exists" stat: - path: "{{ atom_path }}/composer.lock" + path: "{{ atom_path }}/{{ atom_extra_path }}/composer.lock" register: composer_lock - name: "Install Composer dependencies for production" composer: command: install - working_dir: "{{ atom_path }}" + working_dir: "{{ atom_path }}/{{ atom_extra_path }}" when: - composer_lock.stat.exists - atom_environment_type != "development" @@ -121,7 +121,7 @@ - name: "Install Composer dependencies for dev" composer: command: install - working_dir: "{{ atom_path }}" + working_dir: "{{ atom_path }}/{{ atom_extra_path }}" no_dev: no when: - composer_lock.stat.exists @@ -130,7 +130,7 @@ - name: "SELinux tasks" block: - name: "Selinux: allow httpd to write on atom folder" - shell: 'semanage fcontext -a -t httpd_sys_rw_content_t {{ atom_path }}\(/.*\)? && restorecon -R -v {{ atom_path }}' + shell: 'semanage fcontext -a -t httpd_sys_rw_content_t {{ atom_path }}/{{ atom_extra_path }}\(/.*\)? && restorecon -R -v {{ atom_path }}/{{ atom_extra_path }}' - name: "Selinux: allow httpd to write on uploads folders" shell: 'semanage fcontext -a -t httpd_sys_rw_content_t {{ atom_uploads_symlink }}\(/.*\)? && restorecon -R -v {{ atom_uploads_symlink }}' when: @@ -144,4 +144,4 @@ - ansible_os_family == "RedHat" - ansible_selinux is defined and ansible_selinux != False and ansible_selinux.status == 'enabled' tags: - - selinux \ No newline at end of file + - selinux diff --git a/tasks/build.yml b/tasks/build.yml index 6fbedc7..0f29eeb 100644 --- a/tasks/build.yml +++ b/tasks/build.yml @@ -7,7 +7,7 @@ - name: "Temporarily change ownership of site directory (to be able to build)" file: - path: "{{ atom_path }}" + path: "{{ atom_path }}/{{ atom_extra_path }}" state: "directory" mode: "o+w" recurse: yes @@ -72,7 +72,7 @@ - name: "Restore permissions and fix ownership of site directory" file: - path: "{{ atom_path }}" + path: "{{ atom_path }}/{{ atom_extra_path }}" state: "directory" owner: "{{ atom_user }}" group: "{{ atom_group }}" diff --git a/tasks/drmc-mock.yml b/tasks/drmc-mock.yml index 6033347..c6461a9 100644 --- a/tasks/drmc-mock.yml +++ b/tasks/drmc-mock.yml @@ -5,9 +5,9 @@ become: "yes" - name: "Install mock api" - shell: "HOME={{ atom_path }} npm install" + shell: "HOME={{ atom_path }}/{{ atom_extra_path }} npm install" args: - chdir: "{{ atom_path }}/plugins/arDrmcPlugin/frontend/mock_api/" + chdir: "{{ atom_path }}/{{ atom_extra_path }}/plugins/arDrmcPlugin/frontend/mock_api/" become: yes become_user: www-data @@ -37,7 +37,7 @@ - name: "Populate data" command: "./populate_sample_data" args: - chdir: "/usr/share/nginx/atom/plugins/arDrmcPlugin/frontend/mock_api" + chdir: "{{ atom_path }}/{{ atom_extra_path }}/plugins/arDrmcPlugin/frontend/mock_api" become: yes diff --git a/tasks/flush.yml b/tasks/flush.yml index 16a58a3..fc57fc6 100644 --- a/tasks/flush.yml +++ b/tasks/flush.yml @@ -11,31 +11,31 @@ - name: "Purge database" shell: "php symfony tools:purge --no-confirmation --email='{{ atom_user_email }}' --username='{{ atom_user_username }}' --password='{{ atom_user_password }}' --title='{{ atom_title }}' --description='{{ atom_description }}' --url='http://undefined'" args: - chdir: "{{ atom_path }}" + chdir: "{{ atom_path }}/{{ atom_extra_path }}" when: "atom_drmc is undefined or not atom_drmc|bool" - name: "Purge DRMC database" shell: "php symfony tools:purge --no-confirmation --email='{{ atom_user_email }}' --username='{{ atom_user_username }}' --password='{{ atom_user_password }}' --title='{{ atom_title }}' --description='{{ atom_description }}'" args: - chdir: "{{ atom_path }}" + chdir: "{{ atom_path }}/{{ atom_extra_path }}" when: "atom_drmc is defined and atom_drmc|bool" - name: "Add initial DRMC data" shell: "php symfony binder:bootstrap" args: - chdir: "{{ atom_path }}" + chdir: "{{ atom_path }}/{{ atom_extra_path }}" when: "atom_drmc is defined and atom_drmc|bool" - name: "Set database settings (only available in DRMC)" shell: "php symfony tools:set-db-setting {{ item.k }} {{ item.v }}" args: - chdir: "{{ atom_path }}" + chdir: "{{ atom_path }}/{{ atom_extra_path }}" when: "atom_drmc is defined and atom_drmc|bool and atom_db_settings is defined" with_items: "{{ atom_db_settings }}" - name: "Add extra super users" shell: "php symfony tools:add-superuser --email='{{ item.email }}' --password='{{ item.password }}' {{ item.username }}" args: - chdir: "{{ atom_path }}" + chdir: "{{ atom_path }}/{{ atom_extra_path }}" when: "atom_extra_superusers is defined" with_items: "{{ atom_extra_superusers }}" diff --git a/tasks/main.yml b/tasks/main.yml index 5912ef3..168f05b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -7,6 +7,41 @@ - "{{ ansible_distribution }}.yml" tags: "always" +- name: "Define default atom_extra_path" + set_fact: + atom_extra_path: "" + tags: + - "atom-basic" + - "atom-build" + - "atom-cli" + - "atom-devbox" + - "atom-downloads" + - "atom-flush" + - "atom-plugins" + - "atom-search" + - "atom-site" + - "atom-uploads" + - "atom-worker" + - "drmc-mock" + +- include: "revision-dir.yml" + when: + - "atom_revision_directory_latest_symlink_dir is defined" + - "atom_revision_directory|bool" + tags: + - "atom-basic" + - "atom-build" + - "atom-cli" + - "atom-devbox" + - "atom-downloads" + - "atom-flush" + - "atom-plugins" + - "atom-search" + - "atom-site" + - "atom-uploads" + - "atom-worker" + - "drmc-mock" + - name: "Install AtoM dependencies" block: - include: "deps.yml" @@ -52,6 +87,7 @@ - include: "basic.yml" tags: - "atom-basic" + - include: "flush.yml" become_user: "{{ atom_user }}" environment: @@ -74,6 +110,7 @@ when: "atom_populate_index is defined and atom_populate_index|bool" tags: - "atom-search" + # do not build as user www-data due to errors with npm - include: "build.yml" when: "atom_build_static_assets is defined and atom_build_static_assets|bool" @@ -85,6 +122,13 @@ tags: - "atom-worker" + - include: "symlink-dirs.yml" + tags: + - "atom-uploads" + - "atom-downloads" + - "atom-build" + - "atom-worker" + - include: "uploads-dir.yml" tags: - "atom-uploads" diff --git a/tasks/plugins.yml b/tasks/plugins.yml index 3249a26..4c77f86 100644 --- a/tasks/plugins.yml +++ b/tasks/plugins.yml @@ -8,26 +8,26 @@ - name: "Update database" command: "php symfony tools:upgrade-sql -B" args: - chdir: "{{ atom_path }}" + chdir: "{{ atom_path }}/{{ atom_extra_path }}" when: - "(atom_upgrade_sql is defined and atom_upgrade_sql|bool == true)" - name: "Enable AtoM plug-ins" shell: "php symfony tools:atom-plugins add {{ item }}" args: - chdir: "{{ atom_path }}" + chdir: "{{ atom_path }}/{{ atom_extra_path }}" with_items: "{{ atom_plugins }}" - name: "Enable AtoM GDPR privacy page" command: "php symfony tools:run lib/task/tools/addGdprSettings.php" args: - chdir: "{{ atom_path }}" + chdir: "{{ atom_path }}/{{ atom_extra_path }}" when: "atom_gdpr_enabled is defined and atom_gdpr_enabled|bool" # copy ES plugins to /etc/elasticsearch (assumes ES running on same server) # (copy manually if ES is on a separate backend server) - name: "Copy elasticsearch plugins" - command: "cp -rf {{ atom_path }}/plugins/arElasticSearchPlugin/scripts /etc/elasticsearch/" + command: "cp -rf {{ atom_path }}/{{ atom_extra_path }}/plugins/arElasticSearchPlugin/scripts /etc/elasticsearch/" become: "yes" become_user: "root" when: "atom_drmc_es_scripts is defined and atom_drmc_es_scripts|bool" diff --git a/tasks/revision-dir.yml b/tasks/revision-dir.yml new file mode 100644 index 0000000..2edec4c --- /dev/null +++ b/tasks/revision-dir.yml @@ -0,0 +1,32 @@ +--- + +- name: "Get candidate revision" + become: "no" + git: + repo: "{{ atom_repository_url }}" + version: "{{ atom_repository_version }}" + clone: "no" + update: "no" + accept_hostkey: "yes" + register: "atom_candidate_revision" + +- name: "Get current revision" + become: "no" + git: + repo: "{{ atom_repository_url }}" + version: "{{ atom_repository_version }}" + dest: "{{ atom_path }}/{{ atom_revision_directory_latest_symlink_dir }}" + clone: "no" + update: "no" + accept_hostkey: "yes" + register: "atom_current_revision" + +- name: "Print revisions" + debug: + msg: + - "current={{ atom_current_revision.before }}" + - "candidate={{ atom_candidate_revision.after }}" + +- name: "Define atom_extra_path when using atom_revision_directory" + set_fact: + atom_extra_path: "atom-{{ atom_candidate_revision.after }}" diff --git a/tasks/search.yml b/tasks/search.yml index 3d91c1e..db7d506 100644 --- a/tasks/search.yml +++ b/tasks/search.yml @@ -4,6 +4,6 @@ - name: "Populate search index" shell: "php symfony search:populate 1>/dev/null" args: - chdir: "{{ atom_path }}" + chdir: "{{ atom_path }}/{{ atom_extra_path }}" ignore_errors: "yes" # segfault in php7, not sure yet why! environment: "{{ atom_pool_php_envs }}" diff --git a/tasks/symlink-dirs.yml b/tasks/symlink-dirs.yml new file mode 100644 index 0000000..dc33af7 --- /dev/null +++ b/tasks/symlink-dirs.yml @@ -0,0 +1,13 @@ +--- + +- name: "Create revision symlink" + file: + state: "link" + src: "{{ atom_path }}/{{ atom_extra_path }}" + dest: "{{ atom_path }}/{{ atom_revision_directory_latest_symlink_dir }}" + force: "yes" + owner: "{{ atom_user }}" + group: "{{ atom_group }}" + when: + - "atom_revision_directory_latest_symlink_dir is defined" + - "atom_revision_directory|bool" diff --git a/tasks/uploads-dir.yml b/tasks/uploads-dir.yml index 41ad34d..db84230 100644 --- a/tasks/uploads-dir.yml +++ b/tasks/uploads-dir.yml @@ -4,7 +4,7 @@ file: state: "link" src: "{{ atom_uploads_symlink }}" - path: "{{ atom_path }}/uploads" + path: "{{ atom_path }}/{{ atom_extra_path }}/uploads" force: "yes" owner: "{{ atom_user }}" group: "{{ atom_group }}" @@ -13,7 +13,7 @@ - name: "Uploads directory" file: state: "directory" - path: "{{ atom_path }}/uploads" + path: "{{ atom_path }}/{{ atom_extra_path }}/uploads" owner: "{{ atom_user }}" group: "{{ atom_group }}" - when: "atom_uploads_symlink is undefined" \ No newline at end of file + when: "atom_uploads_symlink is undefined" diff --git a/templates/etc/init/atom-worker.conf b/templates/etc/init/atom-worker.conf index 61a0f29..2b2d35d 100644 --- a/templates/etc/init/atom-worker.conf +++ b/templates/etc/init/atom-worker.conf @@ -12,8 +12,14 @@ respawn respawn limit 10 60 post-stop exec sleep 3 +{% if atom_revision_directory|bool %} +env LOCATION={{ atom_path }}/{{ atom_revision_directory_latest_symlink_dir }} +env LOGFILE={{ atom_path }}/{{ atom_revision_directory_latest_symlink_dir }}/log/worker.log +{% else %} env LOCATION={{ atom_path }} env LOGFILE={{ atom_path }}/log/worker.log +{% endif %} + # AtoM PHP pool vars {% for key, value in atom_pool_php_envs.items() %} {% if value != "" -%} diff --git a/templates/etc/init/drmc-mock.conf b/templates/etc/init/drmc-mock.conf index d276961..078fbcb 100644 --- a/templates/etc/init/drmc-mock.conf +++ b/templates/etc/init/drmc-mock.conf @@ -12,7 +12,11 @@ respawn respawn limit 10 60 post-stop exec sleep 3 +{% if atom_revision_directory|bool %} +env LOCATION={{ atom_path }}/{{ atom_revision_directory_latest_symlink_dir }}/plugins/arDrmcPlugin/frontend/mock_api +{% else %} env LOCATION={{ atom_path}}/plugins/arDrmcPlugin/frontend/mock_api +{% endif %} setuid {{ atom_user }} setgid {{ atom_user }} diff --git a/templates/lib/systemd/system/atom-worker.service b/templates/lib/systemd/system/atom-worker.service index f5ddb6d..944fd10 100644 --- a/templates/lib/systemd/system/atom-worker.service +++ b/templates/lib/systemd/system/atom-worker.service @@ -13,7 +13,11 @@ WantedBy=multi-user.target Type=simple User={{ atom_user }} Group={{ atom_group }} +{% if atom_revision_directory|bool %} +WorkingDirectory={{ atom_path }}/{{ atom_revision_directory_latest_symlink_dir }} +{% else %} WorkingDirectory={{ atom_path }} +{% endif %} {% if ansible_os_family == "RedHat" %} {% if atom_worker_old_config|bool %} ExecStart=/opt/rh/rh-php{{ php_version }}/root/bin/php -d memory_limit=-1 -d error_reporting="E_ALL" symfony tools:gearman-worker From c6afa798484a25cf2fefc7da5f732bdbce96e03f Mon Sep 17 00:00:00 2001 From: Miguel Angel Date: Thu, 6 Aug 2020 22:23:42 +0200 Subject: [PATCH 2/7] Add downloads symlink New tasks have been added to create a symlink to a custom `downloads` directory in the same way we do for custom `upload` directories. The old uploads-dir tasks have been moved to symlink-dirs.yml task file. --- tasks/basic.yml | 10 ++++++++++ tasks/main.yml | 3 --- tasks/symlink-dirs.yml | 36 ++++++++++++++++++++++++++++++++++++ tasks/uploads-dir.yml | 19 ------------------- 4 files changed, 46 insertions(+), 22 deletions(-) delete mode 100644 tasks/uploads-dir.yml diff --git a/tasks/basic.yml b/tasks/basic.yml index 227923a..8bb065d 100644 --- a/tasks/basic.yml +++ b/tasks/basic.yml @@ -25,6 +25,12 @@ path: "{{ atom_path }}/{{ atom_extra_path }}/uploads" when: "atom_uploads_symlink is defined" +- name: "Temporarily delete downloads symlink to avoid long waits on recursive chmod" + file: + state: "absent" + path: "{{ atom_path }}/{{ atom_extra_path }}/downloads" + when: "atom_downloads_symlink is defined" + - name: "Temporarily change permissions of site directory to be able to clone repo" file: path: "{{ atom_path }}/{{ atom_extra_path }}" @@ -135,6 +141,10 @@ shell: 'semanage fcontext -a -t httpd_sys_rw_content_t {{ atom_uploads_symlink }}\(/.*\)? && restorecon -R -v {{ atom_uploads_symlink }}' when: - "atom_uploads_symlink is defined" + - name: "Selinux: allow httpd to write on downloads folders" + shell: 'semanage fcontext -a -t httpd_sys_rw_content_t {{ atom_downloads_symlink }}\(/.*\)? && restorecon -R -v {{ atom_downloads_symlink }}' + when: + - "atom_downloads_symlink is defined" - name: "Selinux: enable httpd_can_network_connect" seboolean: name: httpd_can_network_connect diff --git a/tasks/main.yml b/tasks/main.yml index 168f05b..a28589d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -129,9 +129,6 @@ - "atom-build" - "atom-worker" - - include: "uploads-dir.yml" - tags: - - "atom-uploads" when: atom_install_site|bool == true tags: - "atom-site" diff --git a/tasks/symlink-dirs.yml b/tasks/symlink-dirs.yml index dc33af7..d29c63f 100644 --- a/tasks/symlink-dirs.yml +++ b/tasks/symlink-dirs.yml @@ -11,3 +11,39 @@ when: - "atom_revision_directory_latest_symlink_dir is defined" - "atom_revision_directory|bool" + +- name: "Uploads symlink" + file: + state: "link" + src: "{{ atom_uploads_symlink }}" + path: "{{ atom_path }}/{{ atom_extra_path }}/uploads" + force: "yes" + owner: "{{ atom_user }}" + group: "{{ atom_group }}" + when: "atom_uploads_symlink is defined" + +- name: "Uploads directory" + file: + state: "directory" + path: "{{ atom_path }}/{{ atom_extra_path }}/uploads" + owner: "{{ atom_user }}" + group: "{{ atom_group }}" + when: "atom_uploads_symlink is undefined" + +- name: "Downloads symlink" + file: + state: "link" + src: "{{ atom_downloads_symlink }}" + path: "{{ atom_path }}/{{ atom_extra_path }}/downloads" + force: "yes" + owner: "{{ atom_user }}" + group: "{{ atom_group }}" + when: "atom_downloads_symlink is defined" + +- name: "Downloads directory" + file: + state: "directory" + path: "{{ atom_path }}/{{ atom_extra_path }}/downloads" + owner: "{{ atom_user }}" + group: "{{ atom_group }}" + when: "atom_downloads_symlink is undefined" diff --git a/tasks/uploads-dir.yml b/tasks/uploads-dir.yml deleted file mode 100644 index db84230..0000000 --- a/tasks/uploads-dir.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -- name: "Uploads symlink" - file: - state: "link" - src: "{{ atom_uploads_symlink }}" - path: "{{ atom_path }}/{{ atom_extra_path }}/uploads" - force: "yes" - owner: "{{ atom_user }}" - group: "{{ atom_group }}" - when: "atom_uploads_symlink is defined" - -- name: "Uploads directory" - file: - state: "directory" - path: "{{ atom_path }}/{{ atom_extra_path }}/uploads" - owner: "{{ atom_user }}" - group: "{{ atom_group }}" - when: "atom_uploads_symlink is undefined" From db3809a01a1a30df6f825a3bfec57bee0e9f5e48 Mon Sep 17 00:00:00 2001 From: Miguel Angel Date: Thu, 6 Aug 2020 22:32:23 +0200 Subject: [PATCH 3/7] Create downloads and uploads symlink dirs Ensure `atom_uploads_symlink` and `atom_downloads_symlink` exist to avoid the following error when running the "Temporarily change ownership of site directory to be able to clone repo" task (and directory doesn't exist): ``` "Errno 2] No such file or directory: '/usr/share/nginx/atom-uploads'" ``` --- tasks/symlink-dirs.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tasks/symlink-dirs.yml b/tasks/symlink-dirs.yml index d29c63f..3680582 100644 --- a/tasks/symlink-dirs.yml +++ b/tasks/symlink-dirs.yml @@ -12,6 +12,14 @@ - "atom_revision_directory_latest_symlink_dir is defined" - "atom_revision_directory|bool" +- name: "Ensure uploads symlink directory exists" + file: + state: "directory" + path: "{{ atom_uploads_symlink }}" + owner: "{{ atom_user }}" + group: "{{ atom_group }}" + when: "atom_uploads_symlink is defined" + - name: "Uploads symlink" file: state: "link" @@ -30,6 +38,14 @@ group: "{{ atom_group }}" when: "atom_uploads_symlink is undefined" +- name: "Ensure downloads symlink directory exists" + file: + state: "directory" + path: "{{ atom_downloads_symlink }}" + owner: "{{ atom_user }}" + group: "{{ atom_group }}" + when: "atom_downloads_symlink is defined" + - name: "Downloads symlink" file: state: "link" From 1bfb5893ccfaa09726e5ecc93c45fd9cfa1ec967 Mon Sep 17 00:00:00 2001 From: Miguel Angel Date: Thu, 6 Aug 2020 22:38:10 +0200 Subject: [PATCH 4/7] Create private symlink Create a symlink for digital object access control from `$atom_path/private` to `$atom_path/$atom_revision_directory_latest_symlink_dir` when `atom_private_symlink` and `atom_revision_directory` are `true`. --- defaults/main.yml | 3 +++ tasks/symlink-dirs.yml | 14 ++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 6c2954f..37ddfe3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -18,6 +18,9 @@ atom_devbox: "no" # Use a different AtoM directory for each revision atom_revision_directory: "no" atom_revision_directory_latest_symlink_dir: "src" +# Create a symlink from atom_path/private to +# atom_path/atom_revision_directory_latest_symlink_dir +atom_private_symlink: "no" # # Choose php version to use diff --git a/tasks/symlink-dirs.yml b/tasks/symlink-dirs.yml index 3680582..95f4804 100644 --- a/tasks/symlink-dirs.yml +++ b/tasks/symlink-dirs.yml @@ -12,6 +12,20 @@ - "atom_revision_directory_latest_symlink_dir is defined" - "atom_revision_directory|bool" +# AtoM private symlink for digital object access control +- name: "Create private symlink" + file: + state: "link" + src: "{{ atom_path }}/{{ atom_revision_directory_latest_symlink_dir }}" + dest: "{{ atom_path }}/private" + force: "yes" + owner: "{{ atom_user }}" + group: "{{ atom_group }}" + when: + - "atom_revision_directory_latest_symlink_dir is defined" + - "atom_revision_directory|bool" + - "atom_private_symlink|bool" + - name: "Ensure uploads symlink directory exists" file: state: "directory" From 1cebdae98106f214e06fcf00f662e194b8fda68f Mon Sep 17 00:00:00 2001 From: Miguel Angel Date: Thu, 6 Aug 2020 23:01:51 +0200 Subject: [PATCH 5/7] Use a new task file for all cli tasks The new task file includes the following commands: - rebuild index - Update database - fix data: Rebuild nested-set and generate slugs - Compile all available themes The `search.yml` task file has been removed, and the "Update database" task has been moved to the new cli tasks file. --- defaults/main.yml | 12 +++++++++- tasks/build.yml | 56 +++++++++++++++++++++++++++++++++------------ tasks/cli_tools.yml | 41 +++++++++++++++++++++++++++++++++ tasks/main.yml | 4 ++-- tasks/plugins.yml | 7 ------ tasks/search.yml | 9 -------- 6 files changed, 96 insertions(+), 33 deletions(-) create mode 100644 tasks/cli_tools.yml delete mode 100644 tasks/search.yml diff --git a/defaults/main.yml b/defaults/main.yml index 37ddfe3..7207342 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -42,11 +42,21 @@ atom_worker_service_name: "{{ atom_path | basename }}-worker" atom_worker_old_config: "no" # -# Misc +# CLI tasks # +# Compile all available themes +atom_compile_all_themes: "no" # Populate search index atom_populate_index: "no" +# Rebuild nested-set and generate slugs +atom_fix_data: "no" +# Upgrade sql +atom_upgrade_sql: "no" + +# +# Misc +# # Flush database atom_flush_data: "no" diff --git a/tasks/build.yml b/tasks/build.yml index 0f29eeb..c50f9da 100644 --- a/tasks/build.yml +++ b/tasks/build.yml @@ -16,23 +16,51 @@ # AtoM # +- name: "Find themes" + shell: "find {{ atom_path }}/{{ atom_extra_path }}/plugins -name Makefile | sed -r 's/Makefile//g'" + register: theme_makefiles + when: atom_compile_all_themes|bool + - name: "Build AtoM themes (Ubuntu)" - command: "{{ item.build_cmd }}" - args: - chdir: "{{ item.path }}" - with_items: "{{ atom_themes }}" - become: "no" - when: - - ansible_os_family == "Debian" + block: + - name: "Build all AtoM themes (Ubuntu)" + command: "make" + args: + chdir: "{{ item }}" + with_items: "{{ theme_makefiles.stdout_lines }}" + become: "no" + when: + - atom_compile_all_themes|bool + - name: "Build selected AtoM themes (Ubuntu)" + command: "{{ item.build_cmd }}" + args: + chdir: "{{ item.path }}" + with_items: "{{ atom_themes }}" + become: "no" + when: + - not atom_compile_all_themes|bool # Don't compile themes when they are alreay compiled + when: ansible_os_family == "Debian" - name: "Build AtoM themes (CentOS/RH)" - command: "scl enable rh-nodejs6 {{ item.build_cmd }}" - args: - chdir: "{{ item.path }}" - with_items: "{{ atom_themes }}" - become: "no" - when: - - ansible_os_family == "RedHat" + block: + - name: "Build all AtoM themes (CentOS/RH)" + command: "scl enable rh-nodejs6 make" + args: + chdir: "{{ item }}" + with_items: "{{ theme_makefiles.stdout_lines }}" + become: "no" + when: + - atom_compile_all_themes|bool + - name: "Build selected AtoM themes (CentOS/RH)" + command: "scl enable rh-nodejs6 {{ item.build_cmd }}" + args: + chdir: "{{ item.path }}" + with_items: "{{ atom_themes }}" + become: "no" + when: + - not atom_compile_all_themes|bool # Don't compile themes when they are alreay compiled + when: ansible_os_family == "RedHat" + # # DRMC/Binder # diff --git a/tasks/cli_tools.yml b/tasks/cli_tools.yml new file mode 100644 index 0000000..6a2edfb --- /dev/null +++ b/tasks/cli_tools.yml @@ -0,0 +1,41 @@ +--- + +- name: "Update database" + command: "php symfony tools:upgrade-sql -B" + args: + chdir: "{{ atom_path }}/{{ atom_extra_path }}" + when: "atom_upgrade_sql|bool" + +- name: "Build nested set" + command: "php symfony propel:build-nested-set" + args: + chdir: "{{ atom_path }}/{{ atom_extra_path }}" + when: "atom_fix_data|bool" + +- name: "Generate slugs" + command: "php symfony propel:generate-slugs" + args: + chdir: "{{ atom_path }}/{{ atom_extra_path }}" + when: "atom_fix_data|bool" + +- name: "Clear cache" + command: "php symfony cache:clear" + args: + chdir: "{{ atom_path }}/{{ atom_extra_path }}" + notify: + - "Reload PHP service" + +# stdout is ignored, not very useful and too verbose (--quiet opt would be nice) +- name: "Populate search index" + shell: "php symfony search:populate" + args: + chdir: "{{ atom_path }}/{{ atom_extra_path }}" + ignore_errors: "yes" # segfault in php7, not sure yet why! + environment: "{{ atom_pool_php_envs }}" + register: "search_populate" + when: "atom_populate_index|bool" + +- name: "Print populate search index output" + debug: + msg: "{{ search_populate.stdout_lines | last }}" + when: "search_populate.changed" diff --git a/tasks/main.yml b/tasks/main.yml index a28589d..c08ba42 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -105,11 +105,11 @@ tags: - "atom-plugins" - - include: "search.yml" + - include: "cli_tools.yml" become_user: "{{ atom_user }}" - when: "atom_populate_index is defined and atom_populate_index|bool" tags: - "atom-search" + - "atom-cli" # do not build as user www-data due to errors with npm - include: "build.yml" diff --git a/tasks/plugins.yml b/tasks/plugins.yml index 4c77f86..803f026 100644 --- a/tasks/plugins.yml +++ b/tasks/plugins.yml @@ -5,13 +5,6 @@ # become_user: "{{ atom_user }}" # environment: "{{ atom_pool_php_envs }}" -- name: "Update database" - command: "php symfony tools:upgrade-sql -B" - args: - chdir: "{{ atom_path }}/{{ atom_extra_path }}" - when: - - "(atom_upgrade_sql is defined and atom_upgrade_sql|bool == true)" - - name: "Enable AtoM plug-ins" shell: "php symfony tools:atom-plugins add {{ item }}" args: diff --git a/tasks/search.yml b/tasks/search.yml deleted file mode 100644 index db7d506..0000000 --- a/tasks/search.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -# stdout is ignored, not very useful and too verbose (--quiet opt would be nice) -- name: "Populate search index" - shell: "php symfony search:populate 1>/dev/null" - args: - chdir: "{{ atom_path }}/{{ atom_extra_path }}" - ignore_errors: "yes" # segfault in php7, not sure yet why! - environment: "{{ atom_pool_php_envs }}" From 15ad65f61a424b757e519fe7b71ae46b18aa511d Mon Sep 17 00:00:00 2001 From: Miguel Angel Date: Tue, 11 Aug 2020 12:12:05 +0200 Subject: [PATCH 6/7] Use compare() instead of version_compare() --- tasks/deps.yml | 10 +++++----- tasks/fop.yml | 10 +++++----- tasks/php-pool-cfg.yml | 4 ++-- tasks/php.yml | 2 +- templates/etc/php/5/fpm/pool.d/atom.conf | 2 +- templates/etc/php/7.0/fpm/pool.d/atom.conf | 2 +- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/tasks/deps.yml b/tasks/deps.yml index 771537f..d7472af 100644 --- a/tasks/deps.yml +++ b/tasks/deps.yml @@ -8,7 +8,7 @@ url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280 id: "68576280" state: present - when: "ansible_distribution_version is version_compare('16.04', '<=')" + when: "ansible_distribution_version is version('16.04', '<=')" - name: "Add external repositories" apt_repository: @@ -16,13 +16,13 @@ update_cache: "yes" with_items: - "deb https://deb.nodesource.com/node_5.x {{ ansible_distribution_release }} main" - when: "ansible_distribution_version is version_compare('16.04', '<=')" + when: "ansible_distribution_version is version('16.04', '<=')" - name: "Add archivematica/externals-dev PPA (ffmpeg in Ubuntu <= 14.04)" apt_repository: repo: "ppa:archivematica/externals-dev" update_cache: "yes" - when: "ansible_distribution_version is version_compare('14.04', '<=')" + when: "ansible_distribution_version is version('14.04', '<=')" - name: "Install AtoM dependencies (Ubuntu <= Xenial/16.04)" apt: @@ -39,7 +39,7 @@ - "python-pip" # - "python-setuptools" # - "openjdk-8-jre-headless" # Needed by FOP - when: "ansible_distribution_version is version_compare('16.04', '<=')" + when: "ansible_distribution_version is version('16.04', '<=')" - name: "Install AtoM dependencies (Ubuntu >= Bionic/18.04)" apt: @@ -56,7 +56,7 @@ - "python-pip" # - "python-setuptools" # - "openjdk-8-jre-headless" # Needed by FOP - when: "ansible_distribution_version is version_compare('18.04', '>=')" + when: "ansible_distribution_version is version('18.04', '>=')" - name: "Install Sphinx" pip: diff --git a/tasks/fop.yml b/tasks/fop.yml index 8860b53..de7c617 100644 --- a/tasks/fop.yml +++ b/tasks/fop.yml @@ -4,14 +4,14 @@ apt: pkg: "fop" state: "latest" - when: "ansible_distribution_version is version_compare('18.04', '==')" + when: "ansible_distribution_version is version('18.04', '==')" tags: - "atom-fop" - name: "Use FOP 2.1 in AtoM 2.3 or newer (Ubuntu 16.04 or RH)" set_fact: fop_version: "2.1" - when: ( ansible_distribution_version is version_compare('16.04', '==') ) or + when: ( ansible_distribution_version is version('16.04', '==') ) or ( ansible_os_family == "RedHat" ) tags: - "atom-fop" @@ -19,7 +19,7 @@ - name: "Use FOP 1.0 in AtoM 2.2 (Ubuntu 14.04)" set_fact: fop_version: "1.0" - when: "ansible_distribution_version is version_compare('14.04', '==')" + when: "ansible_distribution_version is version('14.04', '==')" tags: - "atom-fop" @@ -44,7 +44,7 @@ src: "/usr/share/fop-{{ fop_version }}/fop" dest: "/usr/local/bin/fop" state: "link" - when: ( ansible_distribution_version is version_compare('16.04', '<=') ) or + when: ( ansible_distribution_version is version('16.04', '<=') ) or ( ansible_os_family == "RedHat" ) tags: - "atom-fop" @@ -55,5 +55,5 @@ path: "/etc/ImageMagick-6/policy.xml" state: "absent" regexp: 'PDF" />$' - when: "ansible_distribution_version is version_compare('16.04', '>=')" + when: "ansible_distribution_version is version('16.04', '>=')" diff --git a/tasks/php-pool-cfg.yml b/tasks/php-pool-cfg.yml index 7318487..107385a 100644 --- a/tasks/php-pool-cfg.yml +++ b/tasks/php-pool-cfg.yml @@ -21,7 +21,7 @@ - "Restart PHP service" when: - ansible_distribution == "Ubuntu" - - "ansible_distribution_version is version_compare('14.04', '==')" + - "ansible_distribution_version is version('14.04', '==')" - name: "Configure php-fpm pool (Ubuntu >= 16.04)" block: @@ -36,7 +36,7 @@ notify: - "Restart PHP service" when: - - "ansible_distribution_version is version_compare('16.04', '>=')" + - "ansible_distribution_version is version('16.04', '>=')" - ansible_distribution == "Ubuntu" - name: "Configure php-fpm pool (RH)" diff --git a/tasks/php.yml b/tasks/php.yml index 46a8757..97794b8 100644 --- a/tasks/php.yml +++ b/tasks/php.yml @@ -15,4 +15,4 @@ lineinfile: dest: "/etc/init/php5-fpm.conf" line: "reload signal USR2" - when: "ansible_distribution_version is version_compare('14.04', '==')" + when: "ansible_distribution_version is version('14.04', '==')" diff --git a/templates/etc/php/5/fpm/pool.d/atom.conf b/templates/etc/php/5/fpm/pool.d/atom.conf index a30a36e..b963879 100644 --- a/templates/etc/php/5/fpm/pool.d/atom.conf +++ b/templates/etc/php/5/fpm/pool.d/atom.conf @@ -43,7 +43,7 @@ php_admin_value[apc.shm_size] = 192M php_admin_value[apc.num_files_hint] = 5000 php_admin_value[apc.stat] = {% if atom_environment_type == 'development' %}1{% else %}0{% endif %} -{% if ansible_distribution_version is version_compare('14.04', '>=') %} +{% if ansible_distribution_version is version('14.04', '>=') %} ; Zend OPcache php_admin_value[opcache.enable] = 1 php_admin_value[opcache.enable_cli] = 0 diff --git a/templates/etc/php/7.0/fpm/pool.d/atom.conf b/templates/etc/php/7.0/fpm/pool.d/atom.conf index ce5bb7e..06197ef 100644 --- a/templates/etc/php/7.0/fpm/pool.d/atom.conf +++ b/templates/etc/php/7.0/fpm/pool.d/atom.conf @@ -47,7 +47,7 @@ php_admin_value[apc.shm_size] = 192M php_admin_value[apc.num_files_hint] = 5000 php_admin_value[apc.stat] = {% if atom_environment_type == 'development' %}1{% else %}0{% endif %} -{% if ansible_distribution_version is version_compare('14.04', '>=') %} +{% if ansible_distribution_version is version('14.04', '>=') %} ; Zend OPcache php_admin_value[opcache.enable] = 1 php_admin_value[opcache.enable_cli] = 0 From 1f0277e23271466eb665c99ddd9a94b9fa51da7a Mon Sep 17 00:00:00 2001 From: Miguel Angel Date: Wed, 12 Aug 2020 19:34:37 +0200 Subject: [PATCH 7/7] Make git clone options configurable --- tasks/basic.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tasks/basic.yml b/tasks/basic.yml index 8bb065d..01663ba 100644 --- a/tasks/basic.yml +++ b/tasks/basic.yml @@ -45,6 +45,8 @@ version: "{{ atom_repository_version }}" dest: "{{ atom_path }}/{{ atom_extra_path }}" accept_hostkey: "yes" + depth: "{{ atom_git_pull_code_depth | default(omit) }}" + force: "{{ atom_git_pull_code_force | default('no') }}" notify: - "Clear sf_cache" - "Reload PHP service"