From 219abc30a488651ef39df642edaba5277752dfdd Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 15 Oct 2024 12:22:16 +0200 Subject: [PATCH 1/3] role nginx_uwsgi: refactor, lint, and add uwsgi_app_env variable --- docs/roles/nginx_uwsgi.md | 3 ++- playbooks/roles/nginx_uwsgi/defaults/main.yml | 8 ++------ playbooks/roles/nginx_uwsgi/tasks/main.yml | 8 ++++---- playbooks/roles/nginx_uwsgi/templates/uwsgi.service.j2 | 5 ++++- playbooks/roles/nginx_uwsgi/vars/main.yml | 6 ++++++ 5 files changed, 18 insertions(+), 12 deletions(-) create mode 100644 playbooks/roles/nginx_uwsgi/vars/main.yml diff --git a/docs/roles/nginx_uwsgi.md b/docs/roles/nginx_uwsgi.md index c838ffde..19d4695a 100644 --- a/docs/roles/nginx_uwsgi.md +++ b/docs/roles/nginx_uwsgi.md @@ -33,10 +33,11 @@ The nginx web server is used as a reverse proxy, using the [reverse_proxy](./ngi - `uwsgi_app_dir`: String. Path to the directory where the application to be served by uwsgi should be located (will be created if necessary). Default: `/var/www/uwsgi`. - `uwsgi_app_path`: String. Path to the Python file within `uwsgi_app_dir`. Default: `app.py`. - `uwsgi_app_name`: String. Name of the application, to be added to `/etc/uwsgi/apps-available`. +- `uwsgi_app_env`: Dict. Environment variables to be added to the environment in which `uwsgi` is executed, e.g. `{'FOO': 'bar', 'BAZ': 'qux'}`. Default: `{}`. - `uwsgi_plugins`: String. Which uwsgi plugins should be used for this app. Default: `python3`. (See uWSGI documentation.) - `uwsgi_nginx_mountpoint`: String. The Nginx location specifier determining at which URL the app will be served (for example: `/example/`). Default: `/{{ uwsgi_app_name }}/`. - `uwsgi_num_workers`: Integer. The number of workers `uwsgi` should spawn to handle requests for this app. Default: 2. -- `uwsgi_venv`: Boolean/String. To use a preexisting installation of `uwsgi` in a venv (rather than using the system-provided `uwsgi`), set this to the path to the root of the `venv`. Default: `false`. +- `uwsgi_venv`: String. To use a preexisting installation of `uwsgi` in a venv (rather than using the system-provided `uwsgi`), set this to the path to the root of the `venv`. Default: `''`. - `uwsgi_proxy_config`: Dict. Options to be passed to the [reverse proxy role](./nginx_reverse_proxy.md), in addition to the default location and `uwsgi_pass` settings. Example: `{ auth: 'sram' }`. Default: empty. - `uwsgi_config`: Dict. Key/value pairs that will be translated to `uwsgi` settings added to the application's `.ini` file. Example: `{ callable: 'foobar' }` (see `uwsgi`'s docs for options). Default: empty. - `uwsgi_config_block`: String. Multiline .ini style key/value pairs to be added to the application's `.ini` file. diff --git a/playbooks/roles/nginx_uwsgi/defaults/main.yml b/playbooks/roles/nginx_uwsgi/defaults/main.yml index 600b0221..b2b075d8 100644 --- a/playbooks/roles/nginx_uwsgi/defaults/main.yml +++ b/playbooks/roles/nginx_uwsgi/defaults/main.yml @@ -7,12 +7,8 @@ uwsgi_nginx_mountpoint: /{{ uwsgi_app_name }}/ uwsgi_nginx_backend: unix:/tmp/uwsgi-{{ uwsgi_app_name }}.sock uwsgi_num_workers: 2 uwsgi_log_dir: /var/log/uwsgi -uwsgi_venv: false -uwsgi_default_proxy_config: # Don't override this - name: "{{ uwsgi_app_name }}" - location: "{{ uwsgi_nginx_mountpoint }}" - include: uwsgi_params - uwsgi_pass: "{{ uwsgi_nginx_backend }}" +uwsgi_env: {} +uwsgi_venv: '' uwsgi_proxy_config: {} uwsgi_config: {} uwsgi_config_block: "" diff --git a/playbooks/roles/nginx_uwsgi/tasks/main.yml b/playbooks/roles/nginx_uwsgi/tasks/main.yml index 270e1351..98c70bce 100644 --- a/playbooks/roles/nginx_uwsgi/tasks/main.yml +++ b/playbooks/roles/nginx_uwsgi/tasks/main.yml @@ -16,7 +16,7 @@ mode: "0750" - name: Install uwsgi - when: not uwsgi_venv + when: not (uwsgi_venv | length > 0) package: name: - uwsgi @@ -24,15 +24,15 @@ state: present - name: Install uwsgi - when: uwsgi_venv + when: uwsgi_venv | length > 0 block: - name: Ensure build requirements for uwsgi present when: ansible_os_family == 'Debian' package: name: - - build-essential - - python3-dev + - build-essential + - python3-dev - name: Install uwsgi via pip pip: diff --git a/playbooks/roles/nginx_uwsgi/templates/uwsgi.service.j2 b/playbooks/roles/nginx_uwsgi/templates/uwsgi.service.j2 index 93514b9a..69415e94 100644 --- a/playbooks/roles/nginx_uwsgi/templates/uwsgi.service.j2 +++ b/playbooks/roles/nginx_uwsgi/templates/uwsgi.service.j2 @@ -8,7 +8,10 @@ Group=www-data WorkingDirectory={{ uwsgi_app_dir }} StandardOutput=append:/var/log/uwsgi/{{ uwsgi_app_name }}.log StandardError=append:/var/log/uwsgi/{{ uwsgi_app_name }}_err.log -{% if uwsgi_venv %} +{% for var_name, value in uwsgi_env.items() %} +Environment="{{ var_name }}={{ value }}" +{% endfor %} +{% if uwsgi_venv | length > 0 %} Environment="PATH={{ uwsgi_venv }}/bin" ExecStart={{ uwsgi_venv }}/bin/uwsgi --ini {{ uwsgi_app_dir }}/{{ uwsgi_app_name }}.ini {% else %} diff --git a/playbooks/roles/nginx_uwsgi/vars/main.yml b/playbooks/roles/nginx_uwsgi/vars/main.yml new file mode 100644 index 00000000..476a2c4e --- /dev/null +++ b/playbooks/roles/nginx_uwsgi/vars/main.yml @@ -0,0 +1,6 @@ +--- +uwsgi_default_proxy_config: + name: "{{ uwsgi_app_name }}" + location: "{{ uwsgi_nginx_mountpoint }}" + include: uwsgi_params + uwsgi_pass: "{{ uwsgi_nginx_backend }}" From a028967867cc51e13fccb1bb6edb58a4e08f84bc Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 15 Oct 2024 12:22:26 +0200 Subject: [PATCH 2/3] role uv: linting --- playbooks/roles/uv/defaults/main.yml | 2 +- playbooks/roles/uv/meta/main.yml | 1 - playbooks/roles/uv/tasks/main.yml | 4 ++-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/playbooks/roles/uv/defaults/main.yml b/playbooks/roles/uv/defaults/main.yml index 8704789b..a5fd30ca 100644 --- a/playbooks/roles/uv/defaults/main.yml +++ b/playbooks/roles/uv/defaults/main.yml @@ -1,4 +1,4 @@ --- uu_pipx_bin: "/usr/local/uu-pip/bin" uv_python_versions: [] -uv_venvs: [] \ No newline at end of file +uv_venvs: [] diff --git a/playbooks/roles/uv/meta/main.yml b/playbooks/roles/uv/meta/main.yml index c36a7f00..c9e5db8c 100644 --- a/playbooks/roles/uv/meta/main.yml +++ b/playbooks/roles/uv/meta/main.yml @@ -8,4 +8,3 @@ galaxy_info: - name: Ubuntu versions: - all - diff --git a/playbooks/roles/uv/tasks/main.yml b/playbooks/roles/uv/tasks/main.yml index eac5eb3e..8a50cb50 100644 --- a/playbooks/roles/uv/tasks/main.yml +++ b/playbooks/roles/uv/tasks/main.yml @@ -38,14 +38,14 @@ with_items: "{{ uv_python_versions_install }}" - name: Set uv python install path facts step 1 - shell: "uv python find {{ item }}" + command: "uv python find {{ item }}" changed_when: false register: "_uv_python_finds" with_items: "{{ uv_python_versions_install }}" - name: Set uv python install path facts step 2 set_fact: - uv_python_paths: "{{ (uv_python_paths | default({})) | combine({ item.item: item.stdout }) }}" + uv_python_paths: "{{ (uv_python_paths | default({})) | combine({item.item: item.stdout}) }}" with_items: "{{ _uv_python_finds.results }}" - name: Create venvs From a3f65611019428dd304396ee481ebb3cbc1006dd Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 15 Oct 2024 12:23:02 +0200 Subject: [PATCH 3/3] playbook flask_app: linting, add support for flask_app_env variable --- docs/playbooks/flask_app.md | 1 + playbooks/flask_app.yml | 11 ++++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/playbooks/flask_app.md b/docs/playbooks/flask_app.md index 0cd27bb9..4113d3c2 100644 --- a/docs/playbooks/flask_app.md +++ b/docs/playbooks/flask_app.md @@ -40,6 +40,7 @@ The user can always modify the `uWSGI` config by setting the `flask_app_uwsgi_co - `flask_app_version`: String. Git tag or version to use. - `flask_app_path`: String. Path to the main `.py` file for your Flask app (often `app.py` or `wsgi.py`), relative to the repository root. - `flask_app_requirements`: String. Comma-separated list of paths to requirements file (.txt or .toml) in the repo. +- `flask_app_env`: String. Environment variables to be added to the environment in which the app is run, e.g. `FOO=bar BAZ=qux`. Default: `''`. - `flask_app_auth_sram`: Boolean. Whether to enable SRAM authorization / Single-Sign On authentication. Default: true. - `flask_app_auth_basic`: Boolean. Whether to enable http basic authentication. Default: false. If both this option and `flask_app_auth_sram` are enabled, the latter takes precedence. - `flask_app_python_version`: String. The version of Python to serve the app with. Default: `3.10`. diff --git a/playbooks/flask_app.yml b/playbooks/flask_app.yml index 92d448f1..fd9c1426 100644 --- a/playbooks/flask_app.yml +++ b/playbooks/flask_app.yml @@ -10,6 +10,7 @@ uwsgi_app_name: "{{ flask_app_name }}" uwsgi_app_path: "{{ flask_app_path }}" uwsgi_app_dir: /var/www/{{ flask_app_name }} + uwsgi_app_env: "{{ dict( ( flask_app_env | default('') ).split() | map('regex_search', '.+=.+') | select | map('split', '=') ) }}" uwsgi_num_workers: "{{ flask_app_num_workers | default('2', true) }}" _uwsgi_config: callable: app @@ -84,13 +85,13 @@ uv_venvs: - path: "{{ uwsgi_venv }}" python: "{{ flask_app_python_version }}" - + - name: Ensure build requirements for uwsgi present when: ansible_os_family == 'Debian' package: name: - - build-essential - - python3-dev + - build-essential + - python3-dev - name: Install uwsgi pip: @@ -106,11 +107,11 @@ - name: Install requirements when: flask_app_requirements | length > 0 pip: - executable: "uv_pip" + executable: "uv_pip" requirements: "{{ uwsgi_app_dir }}/{{ item | trim }}" environment: VIRTUAL_ENV: "{{ uwsgi_venv }}" with_items: "{{ flask_app_requirements.split(',') }}" - + roles: - role: nginx_uwsgi