corelab2/web-server.yaml at master · coregenomics/corelab2 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
# Install HTTPS certificate, RStudio server, and facette collectd viewer.
#
# We don't want RStudio to be the primary web application, but one of many.
#
# RStudio documentation:
# 1. Reverse proxy setup
#    https://support.rstudio.com/hc/en-us/articles/200552326-Configuring-the-Server
# 2. Getting started
#    https://support.rstudio.com/hc/en-us/articles/200552306-Getting-Started
# 3. Configuration
#    https://support.rstudio.com/hc/en-us/articles/200552316-Configuring-the-Server
---
- name: Setup SSL, Apache and RStudio Server
  hosts: all
  vars:
    domain: corelab2.mcb.uconn.edu
    facette_read_only: true
    facette_base_path: stats_

  tasks:
  - name: Open port 80 to setup SSL with certbot
    become: yes
    ufw:
      rule: allow
      name: Apache Full

  - name: Install certbot for SSL certificate
    become: yes
    apt:
      name:
        - certbot
        - python3-certbot-apache

  - name: Check if SSL certificate created
    become: yes
    stat:
      path: /etc/letsencrypt/live/{{ domain }}
    register:
      cert

  - name: Generate SSL certificate
    become: yes
    # The command also installs /etc/cron.d/certbot for auto-renewal.
    command: certbot --apache
    when: not cert.stat.exists

  - name: Install RStudio Server
    become: yes
    apt:
      deb: https://download2.rstudio.org/server/bionic/amd64/rstudio-server-1.2.5033-amd64.deb
    notify:
    - Restart rstudio-server

  - name: Setup rserver.conf
    become: yes
    template:
      src: templates/rserver.conf.j2
      dest: /etc/rstudio/rserver.conf
    notify:
    - Restart rstudio-server

  - name: Create facette user and group for collectd frontend
    become: yes
    user:
      name: facette
      system: yes
      create_home: no
      shell: /usr/sbin/nologin
    tags: facette

  - name: Apply facette directory permissions
    become: yes
    file:
      state: directory
      path: '{{ dir }}'
      owner: facette
      group: facette
      mode: 0755
    loop:
      - /var/cache/facette/
      - /var/log/facette/
      - /var/lib/facette/
    loop_control:
      loop_var: dir
    tags: facette

  - name: Install collectd frontend facette
    become: yes
    apt:
      deb: https://github.com/facette/facette/releases/download/0.5.1/facette_0.5.1_bionic-amd64.deb
    notify:
      - Restart facette
    tags: facette

  - name: Generate facette configuration file
    become: yes
    template:
      src: templates/facette.yaml.j2
      dest: /etc/facette/facette.yaml
    notify:
      - Enable facette
      - Restart facette
    tags: facette

  - name: Enable proxy modules
    become: yes
    apache2_module:
      name: '{{ item }}'
    loop:
      - proxy_http
      - proxy_wstunnel
    notify:
    - Restart apache2

  # Fix warnings from `sudo apachectl -S`
  - name: Fix apache2 ServerName
    become: yes
    lineinfile:
      path: '{{ item.path }}'
      insertafter: '{{ item.insertafter }}'
      regexp: '{{ item.indent }}ServerName '
      line:   '{{ item.indent }}ServerName {{ domain }}'
    loop:
      - path: /etc/apache2/sites-enabled/000-default.conf
        insertafter: '#ServerName'
        indent: '        '
      - path: /etc/apache2/apache2.conf
        insertafter: '^#ServerRoot'
        indent: ''
    notify:
    - Restart apache2

  - name: Setup reverse proxy
    become: yes
    blockinfile:
      path: '/etc/apache2/sites-enabled/{{ item.file }}'
      insertbefore: '{{ item.insertbefore }}'
      block: |
        RewriteEngine on

        {% if facette_read_only %}
        RewriteCond %{HTTP:Upgrade} =websocket
        RewriteRule /{{ facette_base_path }}/(.*)     ws://localhost:12003/{{ facette_base_path }}/$1  [P,L]
        RewriteCond %{HTTP:Upgrade} !=websocket
        RewriteRule /{{ facette_base_path }}/(.*)     http://localhost:12003/{{ facette_base_path }}/$1 [P,L]
        ProxyPass /{{ facette_base_path }}/ http://localhost:12003/{{ facette_base_path }}/
        ProxyPassReverse /{{ facette_base_path }}/ http://localhost:12003/{{ facette_base_path }}/

        {% endif -%}
        RewriteCond %{HTTP:Upgrade} =websocket
        RewriteRule /rstudio/(.*)     ws://localhost:8787/$1  [P,L]
        RewriteCond %{HTTP:Upgrade} !=websocket
        RewriteRule /rstudio/(.*)     http://localhost:8787/$1 [P,L]
        ProxyPass /rstudio/ http://localhost:8787/
        ProxyPassReverse /rstudio/ http://localhost:8787/

        Redirect / /rstudio/

        ProxyRequests Off
    loop:
      - file: 000-default.conf
        insertbefore: '^</VirtualHost>'
      - file: 000-default-le-ssl.conf
        insertbefore: '^SSLCertificateFile'
    notify:
    - Restart apache2
    tags: facette

  handlers:
  - name: Restart rstudio-server
    become: yes
    systemd:
      name: rstudio-server
      state: restarted

  - name: Enable facette
    become: yes
    service:
      name: facette
      enabled: yes

  - name: Restart facette
    become: yes
    service:
      name: facette
      state: restarted

  - name: Restart apache2
    become: yes
    systemd:
      name: apache2
      state: reloaded