How to install my Ghost(c) platform on CentOS v7 using ansible

This is a "tiny" reminder recapping all the steps involved in configuring my ghost.js platform.

All steps are taken from, and inspired by, the official Ghost installation guide. Basically, we need to install a MySQL (or Postgres) database engine. In front of that we've got nginx providing the reverse proxy mechanism, and a cache management application like memcached to improve overall speed. After that we'll deal with a session manager (pm2) and the SSL certificate installation process (thanks to Let's Encrypt). Finally we'll import the latest backup of our Ghost instance. That backup is made, BTW, at the Jenkins step of our CI/CD process, just after the pull request of a new article into our GitLab server.

I want this whole bunch of apps provisioned as code, targeting a VPS hosted by OVH, in a first attempt at least. I'll use Ansible for that. Later, in another article, I'll describe how I use Terraform and a real orchestrator, i.e. Kubernetes, to deal with automatically scaled Docker containers on nodes and pods spread across all my public cloud accounts (AWS, GCP, IBM) as well as my own private OpenStack/OpenShift infra. All of that runs websites, webapps, and some of my backups. We'll see how later.

Each action is grouped as a Block/Role and gets its own Ansible playbook with proper vars.

So let's ride...

Create a new user named toto: useradd toto [1]

---
- name: Add toto user
  user:
   name: toto

Add this user to the wheel group in order to give him some admin privileges:

usermod -aG wheel toto

---
- name: Install Ghost.js on CentOS v7
  hosts: centos.test
  vars_files: 
    - ghost_vars.yml
  tasks:
    - name: Verify vars files
      debug: "msg={{ ghost_user}}"
    - name: Add "{{ ghost_user }}" user
      user:
        name: "{{ ghost_user }}"
        state: present
        groups: wheel
        append: yes
      become: True

Change the /etc/sudoers file accordingly to avoid the password confirmation during installations [2]:

sed -i -e's/^#[[:blank:]]*\%wheel[[:blank:]]*ALL\=(ALL)[[:blank:]]*NOPASSWD\:[[:blank:]]*ALL.*$/%wheel ALL=(ALL) NOPASSWD\: ALL/g' /etc/sudoers

sed -i -e's/^[[:blank:]]*\%wheel.*ALL\=(ALL)[[:blank:]]*ALL[[:blank:]]*$/\#%wheel     ALL=(ALL)   ALL/g' /etc/sudoers

    - name: copy the new sudoers from Jinja2 local file
      template:
        src: templates/sudoers.j2
        dest: /etc/sudoers
        backup: yes
      become: True

with, in the templates/sudoers.j2 file:

Defaults   !visiblepw
Defaults    always_set_home
Defaults    match_group_by_gid
Defaults    always_query_group_plugin
Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       NOPASSWD:ALL
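
A mistake in /etc/sudoers locks out sudo on the whole host, and the %wheel line above gives passwordless root to every wheel member. The tasks below are an added example, not part of the author's playbook: they validate the file with visudo before it is installed and scope the passwordless rule to the deployment user. The drop-in file name is hypothetical, and the example assumes sudoers.j2 ends with the stock `#includedir /etc/sudoers.d` line and keeps `%wheel ALL=(ALL) ALL`.

```yaml
# Added example (not the author's playbook): validated sudoers deployment.
- name: Template the main sudoers file, validated before it replaces the live one
  template:
    src: templates/sudoers.j2
    dest: /etc/sudoers
    owner: root
    group: root
    mode: '0440'
    backup: yes
    # visudo parses the rendered candidate (%s); on a syntax error the task
    # fails and /etc/sudoers is left untouched.
    validate: /usr/sbin/visudo -cf %s
  become: True

- name: Grant passwordless sudo to the deployment user only
  copy:
    # Hypothetical file name; sudo skips names containing "." or ending in "~".
    dest: /etc/sudoers.d/90-ghost-deploy
    content: |
      # Managed by Ansible
      {{ ghost_user }} ALL=(ALL) NOPASSWD: ALL
    owner: root
    group: root
    mode: '0440'
    validate: /usr/sbin/visudo -cf %s
  become: True
```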

Then, from now on, proceed with the rest as the toto user.

---
- name: Become toto

Update the system: yum update -y

---
- name: Update the system
  yum:
   name: '*'
   state: latest
  become: True

Install the nginx package: yum install -y nginx

---
# nginx comes from EPEL on CentOS 7; the epel-release package enables that repo
- name: Add epel-release repo
  yum:
    name: epel-release
    state: present
  become: True

- name: Install the latest Nginx package
  yum:
    name: nginx
    state: latest
  become: True

Open the HTTP and HTTPS services on the firewall:

firewall-cmd --permanent --zone=public --add-service=http

firewall-cmd --permanent --zone=public --add-service=https

firewall-cmd --reload

---
- name: Add HTTP service
  firewalld:
    zone: public
    service: http
    permanent: yes
    state: enabled
    immediate: yes
  become: True

- name: Add HTTPS service
  firewalld:
    zone: public
    service: https
    permanent: yes
    state: enabled
    immediate: yes
  become: True

Install MariaDB (aka MySQL): yum install -y mariadb [3]

---
- name: install mariadb and mariadb-server
  yum:
    name:
      - mariadb
      - mariadb-server
      # Python bindings needed by the mysql_user / mysql_db modules
      - MySQL-python
    state: latest
  become: True

- name: start mariadb service
  service:
    name: mariadb
    state: restarted
  become: True

Configure the DB installation: as the mysql user, run ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<th1s_1s_m]_p@55w0rd>' [4]

---
    - name: set the mariadb root password
      mysql_user:
        check_implicit_admin: yes
        login_user: root
        name: root
        host: localhost
        password: "{{ root_db_passwd }}"
        state: present
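
The mysql_secure_installation steps mentioned in footnote 3 can be expressed as tasks next to the root password change. This is an added example, not the author's playbook; it assumes root_db_passwd is stored in an ansible-vault encrypted vars file and relies on the MySQL-python package installed above.

```yaml
# Added example (not the author's playbook): mysql_secure_installation as tasks.
- name: Set a password on the local root accounts
  mysql_user:
    check_implicit_admin: yes    # first run: root still has no password
    login_user: root
    login_password: "{{ root_db_passwd }}"
    name: root
    host: "{{ item }}"
    password: "{{ root_db_passwd }}"
    state: present
  loop:
    - localhost
    - 127.0.0.1
    - "::1"
  no_log: true                   # keep the password out of task output and logs
  become: True

- name: Remove root accounts bound to the machine's own hostname
  mysql_user:
    login_user: root
    login_password: "{{ root_db_passwd }}"
    name: root
    host: "{{ item }}"
    state: absent
  loop:
    - "{{ ansible_hostname }}"
    - "{{ ansible_fqdn }}"
  no_log: true
  become: True

- name: Remove anonymous accounts on every host entry
  mysql_user:
    login_user: root
    login_password: "{{ root_db_passwd }}"
    name: ''
    host_all: yes
    state: absent
  no_log: true
  become: True

- name: Drop the default test database
  mysql_db:
    login_user: root
    login_password: "{{ root_db_passwd }}"
    name: test
    state: absent
  no_log: true
  become: True
```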

Back as toto, install the Node.js repository in version 10, and not the latest, which is version 13: curl -sL https://rpm.nodesource.com/setup_10.x | bash - [5]

---
- block:
    - name: Download Node.js v10 repository installation script
      get_url:
        url: https://rpm.nodesource.com/setup_10.x
        dest: /tmp/setup_10.sh
        # quoted octal; root-only, since the script is run with become
        mode: '0700'
      become: True
    - name: run the nodejs installation repository
      become: True
      # same path as the get_url dest above
      shell: /tmp/setup_10.sh
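
Both the curl-to-bash one-liner and the block above execute whatever the remote server returns, as root. The variant below is an added example, not the author's playbook: it runs the script only when it matches the digest of a copy that was reviewed beforehand, and stages it in a root-only directory instead of /tmp. nodesource_setup_sha256 and nodesource_repo_file are hypothetical variables to define in ghost_vars.yml (the recorded digest, and the .repo file the script creates).

```yaml
# Added example (not the author's playbook): pinned, run-once setup script.
- name: Install the NodeSource v10 repository from a pinned script
  become: True
  block:
    - name: Create a private staging directory (mode 0700, owned by root)
      tempfile:
        state: directory
        suffix: nodesource
      register: staging

    - name: Download the script and verify its digest
      get_url:
        url: https://rpm.nodesource.com/setup_10.x
        dest: "{{ staging.path }}/setup_10.sh"
        owner: root
        group: root
        mode: '0700'
        # Hypothetical variable: SHA-256 of the copy you reviewed.
        # A mismatch fails the task before anything is executed.
        checksum: "sha256:{{ nodesource_setup_sha256 }}"

    - name: Run the verified script, once
      command: "bash {{ staging.path }}/setup_10.sh"
      args:
        # Hypothetical variable: path of the repo file the script installs,
        # so later runs skip this step.
        creates: "{{ nodesource_repo_file }}"
  always:
    - name: Remove the staging directory
      file:
        path: "{{ staging.path }}"
        state: absent
      when: staging.path is defined
```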
    

Install Node.js (v10.x) (and npm v6) : yum install -y nodejs

---
- name: Install Node.js
  yum:
    name: nodejs
    state: latest
  become: True

Install Ghost-cli : npm install ghost-cli@latest -g

---
- name : Install ghost-cli
  become: True
  npm:
    name: ghost-cli
    global: yes
    state: latest

Install Ghost

Create and configure the target directory:

mkdir -p {{path_to_fredericinfo}}

chown toto:toto {{path_to_fredericinfo}}

chmod 775 {{path_to_fredericinfo}}

---
# Jinja2 expressions that start a YAML value must be quoted
- name : Make the {{ path_to_fredericinfo }}
  file:
    path: "{{ path_to_fredericinfo }}"
    state: directory
    mode: '0755'
    recurse: yes
    owner: "{{ ghost_user }}"
    group: "{{ ghost_user }}"
  become: True

Install ghost with the answers file: ghost install < $ANSWERS.TXT [6]

---
- name: Install ghost
  # expect feeds the listed answers each time the "Question" pattern matches
  expect:
    command: ghost install
    responses:
      Question:
        - Y
        - Y
        - mysql
        - "{{ ghost_user }}"
        - root
        - "{{ db_passwd }}"
        - ...

or with the appropriate ghost install options:

ghost install \
  --sslemail {{ ghost_ssl_email }} \
  --url fredericmariejoseph.info \
  --port {{ ghost_port }} \
  --ip {{ ghost_ip }} \
  --db[type/path/host/user/pass/name] {{ _accordingly }} \
  --mail[transport/service/user/pass/host/port] {{ _accordingly }} \
  --process pm2 \
  --pname fredericmariejoseph.info \
  --no-prompt \
  --auto

Same process for the pm2, memcached, and the ghost import with the ghost update command.

TODO list :

  • regroup the yum install tasks in one shot
  • write the unit tests associated with each main task of this playbook
  • describe how to plug these (configuration) playbooks into my existing terraform plan building openstack|AWS|GCP|Bluemix|Azure (?!)... cloud infra
  • expose all the other CI/CD-oriented playbooks in order to show the standard way I propose Release as a Service (RaaS) in the fredericinfo solutions portfolio.
  • Please! Add some Variables, Facts, Templates and Groups descriptions.

[^1]: Geez !! the automation of password creation associated with this user is ... tricky: github examples ...

[^2]: Please use Jinja2 template here !

[^3]: For mysql_secure_installation see stackoverflow

[^4]: Note the tricky point about the similarity here between the login user and the actual user altered

[^5]: maybe I should use the package_repository ansible module here.

[^6]: You may prefer using the interactive shell prompt way through the command or shell module. You could also give the expect module a try, but it needs some tweaks on CentOS/Python.
