Merge pull request #26 from OpenGeoscience/fix_geoserver_permission

Fix geoserver permission

Author: aashish24

.gitignore

@@ -0,0 +1 @@
+.vagrant

ansible/.gitignore

@@ -0,0 +1 @@
+*.retry

ansible/README.md

@@ -53,3 +53,48 @@ Note: You may need to bring the vagrant box down and up for geonode to work.
 
     $ vagrant halt
     $ vagrant up
+
+
+## Deploying to ec2 (or other server)
+
+Several variables have to be set correctly before deploying to a remote server. This can be achived by creating a custom inventory with the group ```[geoservices]``` and the host you will deploy too. 
+
+```
+[geoservices]
+XXX.XXX.XXX.XXX ansible_ssh_private_key_file=PATH_TO_PEM_FILE ansible_user=ubuntu deploy_user=ubuntu site_url=http://ec2-XXX-XXX-XXX-XXX.us-west-2.compute.amazonaws.com/ server_name=XXX-XXX-XXX-XXX-XXX.us-west-2.compute.amazonaws.com
+```
+
+Replace X's with the IP address of the remote server
+
+* `ansible_user` - will be the user ansible SSHes in as
+* `deploy_user` - will be the user used to deploy and install all the software (usually the same as ansible_user)
+* `ansible_ssh_private_key_file` - the PEM file that corresponds to the ansible_user and provides passwordless ssh access
+* `site_url` - the url of the website - used by geonode to identify its base URL
+* `server_name` - the fully qualified domain name of the server
+
+To deploy, run ```ansible-playbook -i /path/to/inventory playbook.yml``` From this directory.  
+
+Alternately,  variables may be placed in a local variables file,  e.g.:
+
+/path/to/local_vars.yml
+```yaml
+ansible_ssh_private_key_file: PATH_TO_PEM_FILE 
+ansible_user: ubuntu 
+deploy_user: ubuntu 
+site_url: http://ec2-XXX-XXX-XXX-XXX.us-west-2.compute.amazonaws.com/ 
+server_name: ec2-XXX-XXX-XXX-XXX.us-west-2.compute.amazonaws.com
+```
+
+With an inventory:
+
+/path/to/inventory
+```
+[geoservices]
+XXX.XXX.XXX.XXX 
+```
+
+To deploy,  run:
+
+```
+ansible-playbook -i /path/to/inventory -e @/path/to/local_vars.yml playbook.yml
+```

ansible/Vagrantfile

@@ -13,11 +13,12 @@ Vagrant.configure("2") do |config|
     config.vm.network "private_network", ip: "192.168.33.12"
     geoservices.vm.provider :virtualbox do |vb|
        vb.customize [ "modifyvm", :id, "--name", "geoservices","--memory", 4096 ]
-  	end
+        end
     geoservices.vm.provision "ansible" do |ansible|
-        ansible.playbook = "playbook.yml"
-        ansible.verbose = "vvvv"
-        ansible.host_key_checking = false
+      ansible.playbook = "playbook.yml"
+      ansible.galaxy_role_file = "requirements.txt"
+      ansible.verbose = "vv"
+      ansible.host_key_checking = false
     end
   end
 end

ansible/ansible.cfg

@@ -4,3 +4,4 @@ host_key_checking=False
 record_host_keys=False
 ssh.insert_key=False
 roles_path=roles
+ask_sudo_pass=True

ansible/playbook.yml

@@ -1,10 +1,11 @@
 - hosts: geoservices
-  remote_user: vagrant
+  remote_user: "{{ deploy_user }}"
   roles:
      - common
      - {role: geerlingguy.redis, sudo: yes}
      - zenoamaro.supervisord
      - postgres_postgis
+     - oracle_java
      - geoserver
      - nginx
      - uwsgi

ansible/roles/.gitignore

@@ -0,0 +1,2 @@
+geerlingguy.redis
+zenoamaro.supervisord

ansible/roles/dataqs/templates/celery.conf

@@ -1,7 +1,7 @@
 [program:celery_worker_high]
 command={{virtualenv_bin}}/celery --app=geonode.celery_app:app worker -n gdworker1.%%h
 directory=/home/{{deploy_user}}/epigeonode
-user=vagrant
+user={{ deploy_user }}
 numprocs=1
 stdout_logfile=/tmp/celery-worker-high.log
 stderr_logfile=/tmp/celery-worker-high-error.log
@@ -28,7 +28,7 @@ priority=1
 [program:celery_worker_low]
 command={{virtualenv_bin}}/celery --app=geonode.celery_app:app worker -n gdworker2.%%h
 directory=/home/{{deploy_user}}/epigeonode
-user=vagrant
+user={{ deploy_user }}
 numprocs=1
 stdout_logfile=/tmp/celery-worker-low.log
 stderr_logfile=/tmp/celery-worker-low-error.log
@@ -52,7 +52,7 @@ priority=1
 [program:celerybeat]
 command={{virtualenv_bin}}/celery --app=geonode.celery_app:app beat --loglevel=INFO
 directory=/home/{{deploy_user}}/epigeonode
-user=vagrant
+user={{ deploy_user }}
 numprocs=1
 stdout_logfile=/tmp/celery-beat.log
 stderr_logfile=/tmp/celery-beat.log
@@ -76,7 +76,7 @@ priority=10
 [program:celery-flower]
 command={{virtualenv_bin}}/celery --app=geonode.celery_app:app flower --loglevel=INFO --persistent=True
 directory=/home/{{deploy_user}}/epigeonode
-user=vagrant
+user={{ deploy_user }}
 numprocs=1
 stdout_logfile=/tmp/celery-flower.log
 stderr_logfile=/tmp/celery-flower.log

ansible/roles/geonode/files/known_hosts

@@ -40,11 +40,9 @@
     - libxslt-dev
 
 
-- name: install known_hosts file to access GitHub
-  copy: src=known_hosts dest={{ssh_dir}}/known_hosts
 
 - name: checkout latest web app code
-  git: repo={{code_repository}} version=2.4.x dest={{app_code_dir}}/{{app_name}} force=yes
+  git: repo={{code_repository}} version=2.4.x dest={{app_code_dir}}/{{app_name}} force=yes accept_hostkey=yes
 
 - name: copy the local_settings.py file in place
   template: src=local_settings.py.j2 dest={{geonode_root}}/local_settings.py
@@ -71,27 +69,27 @@
        extra_args='-e'
 
 - name: create static directory for Django app if it does not exist
-  file: path=/var/www/{{app_name}}/static state=directory mode=0777 owner=www-data group=www-data
+  file: path=/var/www/{{app_name}}/static state=directory mode=0770 owner=www-data group={{ deploy_user }}
   sudo: yes
 
 - name: create uploaded directory for Django app if it does not exist
-  file: path=/var/www/{{app_name}}/uploaded state=directory mode=0777 owner=www-data group=www-data
+  file: path=/var/www/{{app_name}}/uploaded state=directory mode=0770 owner=www-data group={{ deploy_user }}
   sudo: yes
 
 - name: create uploaded/layers directory for Django app if it does not exist
-  file: path=/var/www/{{app_name}}/uploaded/layers/ state=directory mode=0777 owner=www-data group=www-data
+  file: path=/var/www/{{app_name}}/uploaded/layers/ state=directory mode=0770 owner=www-data group={{ deploy_user }}
   sudo: yes
 
 - name: create uploaded/thumbs directory for Django app if it does not exist
-  file: path=/var/www/{{app_name}}/uploaded/thumbs/ state=directory mode=0777 owner=www-data group=www-data
+  file: path=/var/www/{{app_name}}/uploaded/thumbs/ state=directory mode=0770 owner=www-data group={{ deploy_user }}
   sudo: yes
 
 - name: rename the vassals-default.ini file to the app name
-  file: src=/etc/uwsgi/vassals-default.skel dest=/etc/uwsgi/{{app_name}}.ini owner=www-data group=www-data state=link
+  file: src=/etc/uwsgi/vassals-default.skel dest=/etc/uwsgi/{{app_name}}.ini owner=www-data group={{ deploy_user }} state=link
   sudo: yes
 
 - name: create uwsgi log directory
-  file: path=/var/log/uwsgi state=directory mode=0777 owner=www-data group=www-data
+  file: path=/var/log/uwsgi state=directory mode=0770 owner=www-data group={{ deploy_user }}
   sudo: yes
 
 - name: create {{db_metadata_instance}} db
@@ -124,9 +122,18 @@
   sudo_user: postgres
 
 - name: make manage executable for ansible >= 2.0
-  file: path={{app_code_dir}}/{{app_name}}/manage.py mode=0777
+  file: path={{app_code_dir}}/{{app_name}}/manage.py mode=0770
 
 
+- name: Set file permissions so we can generate state content
+  file:
+    state: directory
+    owner: "{{ deploy_user }}"
+    group: "{{ deploy_user }}"
+    path: "/var/www/{{app_name}}"
+    recurse: true
+  sudo: yes
+
 - name: Django collectstatic
   django_manage: command=collectstatic
                  app_path={{app_code_dir}}/{{app_name}}
@@ -139,6 +146,18 @@
                  virtualenv={{virtualenv_dir}}/{{app_name}}
                  settings={{main_module}}.settings
 
+
+- name: Set file permissions so we can generate state content
+  file:
+    state: directory
+    owner: www-data
+    group: "{{ deploy_user }}"
+    path: "/var/www/{{app_name}}"
+    mode: 0775
+    recurse: true
+  sudo: yes
+
+
 - name: wait for geoserver to be up
   shell: curl --head --silent {{geoserver_root_url}}/web/
   register: result