Add playbook for deploying api.demo.recordsansible.org
This deploys api.demo.recordsansible.org using ansible-role-ara. The only part not yet automated is the letsencrypt certificate generation. Change-Id: I6b436d3be32105fdf9d661d042bfb3d40e5e39a6 Depends-On: https://review.openstack.org/#/c/641816/
This commit is contained in:
parent
f026c4e012
commit
aadb834b94
10
playbooks/ansible.cfg
Normal file
10
playbooks/ansible.cfg
Normal file
@ -0,0 +1,10 @@
|
||||
[defaults]
|
||||
forks = 25
|
||||
gathering = smart
|
||||
fact_caching = jsonfile
|
||||
fact_caching_connection = /tmp/
|
||||
fact_caching_timeout = 3600
|
||||
inventory = hosts
|
||||
|
||||
[ssh_connection]
|
||||
pipelining = True
|
1
playbooks/hosts
Normal file
1
playbooks/hosts
Normal file
@ -0,0 +1 @@
|
||||
demo.recordsansible.org ansible_host=139.178.83.37 ansible_user=fedora ansible_python_interpreter=/usr/bin/python3
|
15
playbooks/live-demo.yaml
Normal file
15
playbooks/live-demo.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
- name: Provision demo.recordsansible.org
|
||||
hosts: demo.recordsansible.org
|
||||
gather_facts: yes
|
||||
vars:
|
||||
ara_api_frontend_server: nginx
|
||||
ara_api_frontend_vhost: api.demo.recordsansible.org.conf.j2
|
||||
ara_api_wsgi_server: gunicorn
|
||||
ara_api_fqdn: api.demo.recordsansible.org
|
||||
ara_api_allowed_hosts:
|
||||
- api.demo.recordsansible.org
|
||||
ara_api_cors_origin_whitelist:
|
||||
- web.demo.recordsansible.org
|
||||
- logs.openstack.org
|
||||
roles:
|
||||
- ara_api
|
51
playbooks/templates/api.demo.recordsansible.org.conf.j2
Normal file
51
playbooks/templates/api.demo.recordsansible.org.conf.j2
Normal file
@ -0,0 +1,51 @@
|
||||
upstream ara_api {
|
||||
# fail_timeout=0 means we always retry an upstream even if it failed
|
||||
# to return a good HTTP response
|
||||
server {{ ara_api_wsgi_bind }} fail_timeout=0;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name {{ ara_api_fqdn }};
|
||||
return 301 https://{{ ara_api_fqdn }}$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
server_name {{ ara_api_fqdn }};
|
||||
access_log /var/log/nginx/{{ ara_api_fqdn }}_access.log;
|
||||
error_log /var/log/nginx/{{ ara_api_fqdn }}_error.log;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ ara_api_fqdn }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ ara_api_fqdn }}/privkey.pem;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
|
||||
# There's nothing at /, redirect it to the actual API for convenience
|
||||
location / {
|
||||
return 301 http://{{ ara_api_fqdn }}/api/v1/;
|
||||
}
|
||||
|
||||
location /static {
|
||||
expires 7d;
|
||||
add_header Cache-Control "public";
|
||||
}
|
||||
|
||||
# Everything, including static files, is served by the backend
|
||||
location ~ {
|
||||
# checks if the file exists, if not found proxy to app
|
||||
try_files $uri @proxy_to_app;
|
||||
}
|
||||
|
||||
location @proxy_to_app {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $http_host;
|
||||
|
||||
proxy_redirect off;
|
||||
proxy_pass http://ara_api;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user