This repo deploys a CentOS 7 VM using Vagrant and provisions it with Ansible, which will:
- Install the Nginx server
- Deploy a Python (Flask) app that shows the system info
- Have the app communicate with Nginx using uWSGI
- Use Nginx as a reverse proxy in front of the application, providing SSL communication based on a self-signed certificate
- Install Supervisord and run the Nginx and uWSGI services under it
- Add an entry in your local /etc/hosts for the new server (MSD_JUAN)
You will need the following software installed on your machine:
- Ansible
- Vagrant
- VirtualBox or another VM provider for Vagrant (vmware_desktop, libvirt, hyperv)
- Clone the repository to your local host and change directory to the main /MSD_HW folder.
- Start the VM creation and the Ansible provisioning with the command:
    vagrant up
- Once the VM is created and provisioned, you should be able to access the site and see the system info at https://192.168.33.13
- The Supervisord interface should now be accessible at http://192.168.33.13:9001
- Execute playbook_local.yml to add an entry in your local /etc/hosts for the new server (MSD_JUAN):
    ansible-playbook -i "localhost" -c local playbook_local.yml
- Now try to SSH to the server using the hostname:
    ssh vagrant@MSD_JUAN -i PATH_TO_REPO/.vagrant/machines/default/virtualbox/private_key
This role simply installs the EPEL repository for CentOS 7 and then installs Nginx. EPEL is needed in order to download Nginx via yum.
The purpose of this role is to generate a self-signed certificate on the host. To do this, the automation will:
- Install the required packages: openssl, pip (needed to install Python packages) and PyOpenSSL
- Create the directories where the certificate and key will be generated
- Generate a private key in /etc/ssl/private/msd.pem
- Generate a certificate signing request using that key, filling in the data needed (email, country, etc.)
- Finally, generate a self-signed certificate using the key and the signing request. The certificate is then available at /etc/ssl/certs/nginx-selfsigned.crt
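The steps of the certificate role above, sketched as Ansible tasks. This is an added example, not the repo's own role file: the key and certificate paths are the ones named in this README, while the CSR path and all subject values are placeholders. It assumes the community.crypto collection and the Python cryptography library on the target; older Ansible releases shipped the same modules as openssl_privatekey, openssl_csr and openssl_certificate.

```yaml
# Added example (hypothetical tasks file for the certificate role).
- name: Create the directories for the key and the CSR
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "0700"                 # only root may list or read key material
  loop:
    - /etc/ssl/private
    - /etc/ssl/csr               # assumed location, not named in the README

- name: Generate the private key
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/msd.pem
    type: RSA
    size: 4096
    owner: root
    group: root
    mode: "0600"                 # the key must never be world-readable

- name: Generate the certificate signing request from that key
  community.crypto.openssl_csr:
    path: /etc/ssl/csr/msd.csr   # assumed file name
    privatekey_path: /etc/ssl/private/msd.pem
    country_name: XX                     # placeholder
    organization_name: Example Org       # placeholder
    email_address: admin@example.com     # placeholder
    common_name: MSD_JUAN
    # Clients match the address they connect to against the SAN, not the CN,
    # so the VM's IP from this README is listed here.
    subject_alt_name:
      - "IP:192.168.33.13"

- name: Self-sign the certificate with the same key
  community.crypto.x509_certificate:
    path: /etc/ssl/certs/nginx-selfsigned.crt
    privatekey_path: /etc/ssl/private/msd.pem
    csr_path: /etc/ssl/csr/msd.csr
    provider: selfsigned
    mode: "0644"                 # the certificate is public; only the key is secret
```

The modules are idempotent, so re-running the provisioning keeps the existing key and certificate unless they no longer match the parameters given.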
This role deploys a Python (Flask) app that communicates with the Nginx server using uWSGI, so Nginx can act as a reverse proxy over SSL with the certificate generated in the previous role. The steps are:
- Install all the required Python dependencies and pip packages (including uWSGI and the Flask framework) so the app can run.
- Copy the Python app to the /etc/nginx/app folder on the host. The app sits in the /FILES folder of the role.
- Copy the nginx.conf file (the configuration file for Nginx) to redirect the app being served over uWSGI to the SSL port 443. The file sits in the /FILES folder of the role.
  Problem found: The reverse proxy seemed not to be working and I was receiving the "failed (98: Address already in use)" error on the SSL port 443. The root cause was Security-Enhanced Linux interfering with the communication. For this we will have to set SELinux to the "Permissive" state.
- Set SELinux to the "Permissive" state to solve the above-mentioned problem.
This role installs and sets up Supervisord and links it to the Nginx and uWSGI processes. To do this, it executes the following steps:
- Upgrade pip (needed to install the latest version of Supervisord) and then install Supervisord
- Copy the Supervisord conf file from the /FILES folder of the role to the host. This conf file has already been modified to add the Nginx and uWSGI processes
- Start Supervisord. This automatically starts the Nginx server and the uWSGI bridge. From then on, the services can be monitored through the web interface at http://192.168.33.13:9001
This is a very simple role. It just adds an entry to the local machine's /etc/hosts file for the new server. The server was automatically renamed to MSD_JUAN in the Vagrantfile configuration.