Media folder permission while deploying django app with Ansible - django

I am deploying with Ansible, in task I do check whether a folder exists or not for e.g. log, assets etc. and give them 755 permission
- name: Ensure source, static, media and logs directories exist
file: dest={{ item }} mode=755 owner={{ app_user }} group={{ app_group }} state=directory
with_items:
- "{{ static_dir }}"
- "{{ media_dir }}"
- "{{ logs_dir }}"
I am running the app with app_user and who is in the group of apache so my all files and directories have app_user:apache permission.
With the above permission I'am not able to upload files to media directory, but when I give chown -R g+w media permission to media directory uploads happens, but then ansible stops working as media gets apache:apache permission.
How do I resolve this issue, what permission do I give to media folder?
My django project resides in /var/www/www.example.com/ and media is in /var/www/www.example.com/src/media/
www.example.com folder has app_user:apache chown.

The Ansible file module needs the full octal number supplied to the mode parameter, rather than the shorthand 3 digit version we are used to using with the chmod command.
As mentioned on http://docs.ansible.com/ansible/file_module.html, "Leaving off the leading zero will likely have unexpected results.".
Try:
file: dest={{ item }} mode=0755 owner={{ app_user }} group={{ app_group }} state=directory
Hope that helps.

Related

How to Use a Loop to Render Multiple Templates with multiple variables

I have a task to install monitoring agent in multiple hosts.
we are using three templates(yml files) during this installations. these template contain multiple tags. such as app name, teamdl, server IP, datacenter and so on...
for bulk installation we are using csv file which contains value for each tag.
Ask is to use each item in the csv file and use them as variable for all three templates.
I am able to read these items, but not able to use them. please support.
main.yml
- name: copy the csv file
copy:
src: "/u00/ansible/Playbooks/test.csv". # present in ansible controller
dest: "/u00/app/monitor/test.csv" #target server
become: yes
become_user: root
vars:
contents: "{{ lookup('file', '/u00/app/monitor/test.csv').split('\n') }}"
- name: Update config yml files
template: src={{item.src}} dest={{item.dest}}
loop:
- { src: '/u00/ansible/Playbooks/files/infra.yml_template', dest: '/u00/app/monitor/infra.yml' }
infra.yml_template -
custom_attributes:
application : {{ item.Application }}
env : {{ item.env }}
datacenter : {{ item.Datacenter }}
log:
file: /u00/app/monitor/infra.log
format: text
level: smart
forward: false
stdout: false
smart_level_entry_limit: 500
rotate:
max_size_mb: 100
max_files: 5
compression_enabled: true
file_pattern: rotated.YYYY-MM-DD_hh-mm-ss.log
error -
TASK [infra-integration : copy the csv file] ********************************
[0;32mok: [testserver1][0m
[0;32mok: [Testserver2][0m
TASK [Infra-integration : Update config yml files] **************************
[0;31mAn exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleUndefinedVariable: 'dict object' has no attribute 'Application'[0m
[0;31mfailed: [testserver1] (item={'src': '/u00/ansible/Playbooks/files/infra.yml_template', 'dest': '/u00/app/monitor/infra.yml'}) => {"ansible_loop_var": "item", "changed": false, "item": {"dest": "/u00/app/monitor/infra.yml", "src": "/u00/ansible/Playbooks/files/infra.yml_template"}, "msg": "AnsibleUndefinedVariable: 'dict object' has no attribute 'Application'"}[0m
Expectation is to read csv file and use variables in three different template located at three different location.

Github Actions / Extract TicketID from branch name

You can currently set env vars via:
- name: Configure Environment Variables
uses: allenevans/set-env#v1.0.0
with:
CDN_PATH: app-foo/${{ github.run_id }}
CDN_URL: 'https://cdn.mycompany.com'
JIRA_TICKET_ID: ${{ match(github.ref, ...) }} # How can I extract a string from a branch name?
https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#functions
https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions
How can I extract a string from the branch name?
JIRA_TICKET_ID: ${{ match(github.ref, ...) }}
I don't believe there is a build in function in github actions to do that. But you can run a step before your action that gets the jira ticket for you.
NOTE: You will need to modify the sed regex to the one to get your ticket. Right now it only gets the branch name from the ref
- id: getjiraticket
run: echo "::set-output name=jiraticketid::`echo "${{ github.ref }}" | sed 's/.*\///'`"
- name: Configure Environment Variables
uses: allenevans/set-env#v1.0.0
with:
CDN_PATH: app-foo/${{ github.run_id }}
CDN_URL: 'https://cdn.mycompany.com'
JIRA_TICKET_ID: ${{ steps.getjiraticket.outputs.jiraticketid }}

Adding paths to config file in most efficent way via Ansible

I wrote a task that is responsible for changing supervisor config file. The case is that on some servers we have more than one app running workers, so sometimes more than one path needs to be added to include section of supervisor.conf.
Currently I wrote this task in /roles/supervisor/tasks/main.yml/:
- name: Add apps paths in include section
lineinfile:
dest: /etc/supervisor/supervisord.conf
regex: '^files ='
line: 'files = /etc/supervisor/conf.d/*.conf /home/app/{{ app_name }}/releases/app/shared/supervisor/*.conf /home/dev/{{ app_name2 }}/releases/dev/shared/supervisor/*.conf'
when: ansible_hostname = 'ser-db-10'
notify: restart supervisor
tags: multi_workers
... and added in /roles/supervisor/defaults/main.yml/ this:
app_name: bla
app_name2: blabla
It works, but I don't like the thing that there are two application paths hardcoded in line and maybe I should also add variable in place of ser-db-10.
I am wondering how to rebuild this task to make it more independent.
What I mean is, if there are 4 apps, add 4 paths, if there are 2 apps, add 2 paths.
What is the most efficient way to do this?
As an example of how to put together the parameter line, the play below
- hosts: test_01
vars:
app_name1: A
app_name2: B
my_conf:
test_01:
lines:
- '/etc/*.conf'
- '/etc/{{ app_name1 }}/*.conf'
- '/etc/{{ app_name2 }}/*.conf'
tasks:
- debug:
msg: "files = {{ my_conf[inventory_hostname].lines|join(' ') }}"
gives
"msg": "files = /etc/*.conf /etc/A/*.conf /etc/B/*.conf"
With appropriate dictionary my_conf the task below should do the job
- name: Add apps paths in include section
lineinfile:
dest: /etc/supervisor/supervisord.conf
regex: '^files ='
line: "files = {{ my_conf[inventory_hostname].lines|join(' ') }}"
notify: restart supervisor
tags: multi_workers
(not tested)

How to pass git-tag to Gitlab .gitlab-ci.yml file

I'm about to tag a git commit with a release number and I was wondering if I could use that in the yaml file within the script.
Like this:
Git tag: MyTag "1.2.3.4" <---this is the tag info
and then in the .gitlab-ci.yml file:
script:
- MyPowerShellScript.ps1 MyTag
My hope is that it will execute: MyPowerShellScript.ps1 1.2.3.4
Can this be done?
You can access the tag name from .yaml by using
$CI_COMMIT_TAG
I hope I got the question right.

Ansible INI lookup plugin gives ['<element>'], instead of <element>

I have a users.ini file having below content:
[integration]
# My integration information
user=gertrude
pass=anotherpassword
I am trying to fetch the value in my below yml file using lookup plugin for INI:
- hosts: "{{vnf_ip}}"
connection: local
tasks:
debug: msg="User in integration is {{ lookup('ini', 'user section=integration file=users.ini') }}"
But I am getting output as
TASK [debug] ***********************************************************************************************************************************
ok: [10.10.10.10] => {
"msg": "User in integration is ['gertrude']"
}
Instead of ['gertrude'] it should simply be gertrude.
How to get gertrude simply????
What Ansible version do you use? On modern 2.3.2 it works as expected and returns just gertrude.
If you can't upgrade, you can use first filter to get an element from your resulting list:
{{ lookup('ini', 'user section=integration file=users.ini') | first }}