Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Ansible playbook now works with Appsmith fat image (#9509)

Browse Source
This commit is contained in:
geekup-legodevops 2021-12-11 09:31:56 +07:00 committed by GitHub
parent b31d390054
commit 192f5acf0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 162 additions and 2177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -12,3 +12,4 @@ package-lock.json
# test coverage
coverage-summary.json
app/client/cypress/locators/Widgets.json
deploy/ansible/appsmith_playbook/inventory

65
deploy/ansible/README.MD
View File

@ -1,92 +1,93 @@
# Introduction
This document will explain, to those unfamiliar with Ansible, how they can get an Ansible environment set-up quickly, with the end goal of deploying Appsmith.
It is a quick, dirty HowTo format, not intended to teach you Ansible's full capabilities. Ansible is an incredible tool, with great documentation, a welcoming community, and it's all very easy to pick up - not to mention extremely powerful and suited for just about any situation.
# Operational Overview
Ansible works on a "push to clients" basis. You have your control node, which pushes all the configuration/ad-hoc tasks out to your systems via SSH, with no client running on the systems you're deploying to! This model means it's very fast, efficient, secure, scalable, and extremely portable.
So, to control remote systems, you only need to install Ansible on your control node - your own desktop would make a great control node to deploy from
# Getting Ansible
It's recommended that you check out Ansible's official documentation on installing (it's really easy!), but here's a quick rundown of installation methods:
## Package manager
If you're running a UNIX-like system, like Linux or BSD, Ansible is likely available in your official package repositories. Use your package manager to see if it's available, and if so, install it! Ansible's installation documentation has a section on this - just scroll down until you see your OS.
## Via Pip
Ansible is written in Python, so, it's only natural that it be available for install via pip. If you have pip installed, it's as easy as:
Ansible is written in Python, so, it's only natural that it be available for install via pip. If you have pip installed, it's as easy as:
```
$ sudo pip install ansible
```
If not, check to see if you can install pip via your system's package manager (you want the Python 2.7 version!).
Or, if you're on Mac OS X, and you're not using Homebrew or pkgsrc, you should be able to install pip using easy_install, like so:
Or, if you're on Mac OS X, and you're not using Homebrew or pkgsrc, you should be able to install pip using easy_install, like so:
```
$ sudo easy_install pip
```
```
then
```
$ sudo pip install ansible
```
# Simple Deployment Environment for Appsmith
So, now you've got Ansible installed, you can get ready to deploy Appsmith!
## Prerequisites
- You must have SSH access to the system you want to deploy to as the root user.
## Inventory set-up
First you will need to clone the appsmith repository to your machine & move to the ansible playbook folder
```
$ git clone https://github.com/appsmithorg/appsmith.git
$ cd ./appsmith/ansible/appsmith_playbook
$ cd ./appsmith/deploy/ansible/appsmith_playbook
```
Make the inventory file `inventory`, for simplicity's sake:
```
$ touch inventory
```
Now, with your editor, open the file and add the hostname or FQDN of the server(s) you want to deploy Appsmith to with the following pattern:
```
appsmith ansible_host={{ SERVER_HOST }} ansible_port={{ SERVER_PORT }} ansible_user={{ SERVER_USER }}
```
If you are using SSH keypairs for authenticating your SSH connections to your server. You can tell Ansible your ssh private key file in the `inventory` file
using `ansible_ssh_private_key_file`
```
appsmith ansible_host={{ SERVER_HOST }} ansible_port={{ SERVER_PORT }} ansible_user={{ SERVER_USER }} ansible_ssh_private_key_file={{ SSH_PRIVATE_KEY_FILE }}
```
After you completed the above step then we're pretty much done with the inventory
## Setup your configuration vars for Appsmith
The next step is to setup necessary configuration for your app to run such as environment variable, domain name, etc.
First you need to open `appsmith-vars.yml` file with your editor.
There are some variables that will need input from you to get the application start correctly
- `install_dir`: The absolute path of your app's installation folder on the server (required)
- `mongo_host`: Your mongo hostname. By default it will be `mongo` (required)
- `mongo_root_user`: Your mongo root user (required)
- `mongo_root_password`: Your mongo root password (required)
- `mongo_database`: Your mongo database name. By default, it will be `appsmith` (required)
- `user_encryption_password`: Encryption password to encrypt all credentials in the database (required)
- `user_encryption_salt`: Encryption salt used to encrypt all credentials in the database (required)
- `custom_domain`: Your custom domain for your app. Make sure that you have custom domain record map to your app's server (optional)
- `install_dir`: The absolute path of your app's installation folder on the server (required). Default: `~/appsmith`
Once you complete setup config vars for your app then we are ready to deploy our app on your server.
## Run the Ansible playbook
## Setup SSL (Optional)
This section will help you setup SSL for your custom domain of your app
### Prerequisites
- You need to have a custom domain record map to your app's server
Before running your playbook, open `appsmith-vars.yml` with your editor & edit the variables below:
- `ssl_enable`: Set this variable to `true`
- `letsencrypt_email`: Provide your email if you want to receive expiry notices when your certificate is coming up for renewal
- `is_ssl_staging`: Set this variable to `true` if you want to use certificate provided by let's encrypt staging environment
## Run the Ansible playbook
After complete the above step. Now the only remain step we need to do is run the ansible playbook.
You can run the ansible playbook with the following command
@ -98,16 +99,4 @@ The command above will use the host information from the `inventory` file & feed
When it's all done, provided all went well and no parameters were changed, you should be able to visit your app on browser using your `custom_domain` or by your `SERVER_HOST` (if you didn't provide value for `custom_domain` variable )
**Note**: You can put your `inventory` file in other folder and then specify its path with the `-i` flag, for detail, check [Ansible Inventory documentation](https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html)
**Note**: You can put your `inventory` file in other folder and then specify its path with the `-i` flag, for detail, check [Ansible Inventory documentation](https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html)

5
deploy/ansible/appsmith_playbook/appsmith-playbook.yml Normal file
View File

@ -0,0 +1,5 @@
---
- name: Configure the self-hosted server
hosts: appsmith
roles:
- setup-appsmith

45
deploy/ansible/appsmith_playbook/appsmith-vars.yml
View File

@ -1,45 +1,2 @@
---
user_email: 'youremail@gmail.com'
install_dir: ''
mongo_host: 'mongo'
mongo_root_user: ''
mongo_root_password: ''
mongo_database: 'appsmith'
user_encryption_password: ''
user_encryption_salt: ''
custom_domain: ''
ssl_enable: 'false'
letsencrypt_email: 'youremail@gmail.com'
is_ssl_staging: 'false'
disable_telemetry: 'true'
mail_enabled: 'false'
mail_from: ''
mail_to: ''
mail_host: ''
mail_port: ''
mail_ssl_enabled: 'false'
mail_username: ''
mail_password: ''
mail_auth: ''
google_client_id: ''
google_secret_id: ''
github_client_id: ''
github_secret_id: ''
google_maps_api_key: ''
sentry_dns: ''
smart_look_id: ''
marketplace_enabled: 'false'
segment_key: ''
optimizely_key: ''
algolia_api_id: ''
algolia_search_index_name: ''
algolia_api_key: ''
client_log_level: ''
tnc_pp: ''
version_id: ''
version_release_date: ''
intercom_app_id: ''
google_recaptcha_site_key: ''
google_recaptcha_secret_key: ''
google_recaptcha_enabled: 'false'
disable_intercom: 'false'
install_dir: '~/appsmith'

61
deploy/ansible/appsmith_playbook/main.yml
View File

@ -1,61 +0,0 @@
---
- name: Configure the self-hosted server
hosts: appsmith
any_errors_fatal: true
vars:
analytics_webhook_uri: https://hook.integromat.com/dkwb6i52am93pi30ojeboktvj32iw0fa
ipify_url: https://api64.ipify.org
tasks:
- name: Deploy appsmith on host
block:
- name: Get OS
shell: |
cat /etc/*-release | awk -F= '$1 == "NAME" { gsub(/"/, ""); print $2; exit }' | tr '[:upper:]' '[:lower:]'
register: os
- name: Get app installation id
uri:
url: "{{ ipify_url }}"
return_content: yes
register: app_installation_id
- name: Push installation started event to integromat
uri:
url: "{{ analytics_webhook_uri }}"
method: POST
body: "{\"userId\":\"{{ app_installation_id.content }}\",\"event\":\"Installation Started\",\"data\":{\"os\":\"{{ os.stdout }}\", \"platform\": \"ansible\"}}"
body_format: json
return_content: yes
- name: Setup dependencies
import_role:
name: base
- name: Generate config template
import_role:
name: generate_template
- name: Run App
import_role:
name: start_app
- name: Config SSL
import_role:
name: domain_ssl
- name: Push installation success event to integromat
uri:
url: "{{ analytics_webhook_uri }}"
method: POST
body: "{\"userId\":\"{{ app_installation_id.content }}\",\"event\":\"Installation Success\",\"data\":{\"os\":\"{{ os.stdout }}\", \"platform\": \"ansible\"}}"
body_format: json
return_content: yes
rescue:
- name: Push installation failed event to integromat
uri:
url: "{{ analytics_webhook_uri }}"
method: POST
body: "{\"userId\":\"{{ app_installation_id.content }}\",\"event\":\"Installation Support\",\"data\":{\"os\":\"{{ os.stdout }}\", \"platform\": \"ansible\", \"email\": \"{{ user_email }}\"}}"
body_format: json
return_content: yes

27
deploy/ansible/appsmith_playbook/roles/base/tasks/main.yml
View File

@ -1,27 +0,0 @@
---
- name: Upgrade all packages to the latest version
apt:
name: "*"
state: latest
become: yes
- name: Install required system packages
apt:
update_cache: yes
name:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- python3-pip
- virtualenv
- python3-setuptools
state: latest
become: yes
tags:
- always
- include_tasks: setup-ubuntu.yml
when: ansible_os_family == 'Debian'
- include_tasks: install-docker.yml

31
deploy/ansible/appsmith_playbook/roles/base/tasks/setup-ubuntu.yml
View File

@ -1,31 +0,0 @@
---
- name: Ensure old versions of Docker are not installed.
package:
name:
- docker
- docker-engine
state: absent
- name: Ensure dependencies are installed.
apt:
name:
- apt-transport-https
- ca-certificates
- gnupg2
- curl
state: present
become: yes
- name: Add Docker apt key
shell: >
curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add -
args:
warn: false
become: yes
- name: Add Docker repository.
apt_repository:
repo: "{{ docker_apt_repository }}"
state: present
update_cache: true
become: yes

9
deploy/ansible/appsmith_playbook/roles/domain_ssl/handlers/main.yml
View File

@ -1,9 +0,0 @@
---
- name: Send request to integromat webhook after configure ssl successfully
uri:
url: "{{ analytics_webhook_uri }}"
method: POST
body: "{\"userId\":\"{{ app_installation_id.content }}\",\"event\":\"Configure SSL Successfully\",\"data\":{\"os\":\"{{ os.stdout }}\", \"platform\": \"ansible\"}}"
body_format: json
return_content: yes
listen: "Configure SSL"

16
deploy/ansible/appsmith_playbook/roles/domain_ssl/tasks/main.yml
View File

@ -1,16 +0,0 @@
---
- name: Copy init_letsencrypt template
template:
src="init_letsencrypt.sh.j2"
dest="{{ install_dir }}/init_letsencrypt.sh"
mode="0755"
when: ssl_enable | bool
become: yes
- name: Run init-letsencrypt
shell: "{{ install_dir}}/init_letsencrypt.sh"
when: ssl_enable | bool
become: yes
notify: "Configure SSL"

80
deploy/ansible/appsmith_playbook/roles/domain_ssl/templates/init_letsencrypt.sh.j2
View File

@ -1,80 +0,0 @@
#!/bin/bash
certbot_cmd() {
sudo docker-compose run --rm --entrypoint "$1" certbot
}
install_dir="{{ install_dir }}"
domain="{{ custom_domain }}"
email="{{ letsencrypt_email }}"
is_ssl_staging="{{ is_ssl_staging }}"
echo "Creating certificate for '$domain'."
rsa_key_size=4096
data_path="$install_dir/data/certbot"
sudo chown -R ubuntu:ubuntu "$data_path"
mkdir -p "$data_path"/{conf,www}
if ! [[ -e "$data_path/conf/options-ssl-nginx.conf" && -e "$data_path/conf/ssl-dhparams.pem" ]]; then
echo "### Downloading recommended TLS parameters..."
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
echo
fi
echo "### Requesting Let's Encrypt certificate for '$domain'..."
if [[ -z $email ]]; then
email_arg="--register-unsafely-without-email"
else
email_arg="--email $email --no-eff-email"
fi
if [[ $is_ssl_staging == "true" ]]; then
staging_arg="--staging"
else
staging_arg=""
fi
echo "### Generating OpenSSL key for '$domain'..."
live_path="/etc/letsencrypt/live/$domain"
cd "$install_dir"
certbot_cmd \
"sh -c \"mkdir -p '$live_path' && openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
-keyout '$live_path/privkey.pem' \
-out '$live_path/fullchain.pem' \
-subj '/CN=localhost' \
\""
echo
echo "### Starting nginx..."
sudo docker-compose up --force-recreate --detach nginx
echo
echo "### Removing key now that validation is done for $domain..."
certbot_cmd \
"rm -Rfv /etc/letsencrypt/live/$domain /etc/letsencrypt/archive/$domain /etc/letsencrypt/renewal/$domain.conf"
echo
# The following command exits with a non-zero status code even if the certificate was generated, but some checks failed.
# So we explicitly ignore such failure with a `|| true` in the end, to avoid bash quitting on us because this looks like
# a failed command.
certbot_cmd "certbot certonly --webroot --webroot-path=/var/www/certbot \
$staging_arg \
$email_arg \
--domains $domain \
--rsa-key-size $rsa_key_size \
--agree-tos \
--force-renewal" \
|| true
echo
echo "### Reloading nginx..."
sudo docker-compose exec nginx nginx -s reload

3
deploy/ansible/appsmith_playbook/roles/generate_template/defaults/main.yml
View File

@ -1,3 +0,0 @@
---
# Default installation dir
install_dir: /home/ubuntu/appsmith

40
deploy/ansible/appsmith_playbook/roles/generate_template/tasks/main.yml
View File

@ -1,40 +0,0 @@
---
- name: Create installation folder
file:
path: "{{ install_dir }}"
state: directory
- name: reate mongo and nginx folder if they don't exist
file:
path: "{{ install_dir }}/data/{{ item }}"
state: directory
loop: ["nginx", "mongo"]
- name: Check for encryption.env
stat:
path: "{{ install_dir }}/encryption.env"
register: encryption_exists
- name: Copy template file
template: src={{ item.src }} dest={{ item.dest }}
loop:
- { src: 'docker-compose.j2', dest: '{{ install_dir }}/docker-compose.yml'}
- { src: 'mongo-init.js.j2', dest: '{{ install_dir }}/data/mongo/init.js'}
- { src: 'docker.env.j2', dest: '{{ install_dir }}/docker.env'}
become: yes
- name: Copy encryption template file
template: src="encryption.env.j2" dest="{{ install_dir }}/encryption.env"
when: not encryption_exists.stat.exists
- set_fact:
ssl_cmt: "{% if ssl_enable == 'false' %}#{% endif %}"
- name: Copy nginx template file
template: src="nginx-app.conf.j2" dest="{{ install_dir }}/data/nginx/app.conf.template"
become: yes

80
deploy/ansible/appsmith_playbook/roles/generate_template/templates/docker-compose.j2
View File

@ -1,80 +0,0 @@
version: "3.7"
services:
nginx:
image: appsmith/appsmith-editor
env_file: ./docker.env
ports:
- "80:80"
- "443:443"
volumes:
- ./data/nginx/app.conf.template:/nginx.conf.template
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & /start-nginx.sh'"
depends_on:
- appsmith-internal-server
labels:
com.centurylinklabs.watchtower.enable: "true"
networks:
- appsmith
certbot:
image: certbot/certbot
volumes:
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
networks:
- appsmith
appsmith-internal-server:
image: appsmith/appsmith-server:latest
env_file:
- ./docker.env
- ./encryption.env
expose:
- "8080"
links:
- mongo
depends_on:
- mongo
- redis
labels:
com.centurylinklabs.watchtower.enable: "true"
networks:
- appsmith
mongo:
image: mongo:4.4.6
expose:
- "27017"
environment:
- MONGO_INITDB_DATABASE={{ mongo_database }}
- MONGO_INITDB_ROOT_USERNAME={{ mongo_root_user }}
- MONGO_INITDB_ROOT_PASSWORD={{ mongo_root_password }}
volumes:
- ./data/mongo/db:/data/db
- ./data/mongo/init.js:/docker-entrypoint-initdb.d/init.js:ro
networks:
- appsmith
redis:
image: redis
expose:
- "6379"
networks:
- appsmith
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# Update check interval in seconds.
command: --interval 300 --label-enable --cleanup
networks:
- appsmith
networks:
appsmith:
driver: bridge

57
deploy/ansible/appsmith_playbook/roles/generate_template/templates/docker.env.j2
View File

@ -1,57 +0,0 @@
# Read our documentation on how to configure these features
# https://docs.appsmith.com/v/v1.2.1/setup/docker#enabling-services-for-self-hosting
# ***** Email **********
APPSMITH_MAIL_ENABLED={{ mail_enabled }}
APPSMITH_MAIL_FROM={{ mail_from }}
APPSMITH_REPLY_TO= {{ mail_to }}
APPSMITH_MAIL_HOST= {{ mail_host }}
APPSMITH_MAIL_PORT= {{ mail_port }}
# ***** Set to true if providing a TLS port ******
APPSMITH_MAIL_SMTP_TLS_ENABLED={{ mail_ssl_enabled}}
APPSMITH_MAIL_USERNAME= {{ mail_username }}
APPSMITH_MAIL_PASSWORD= {{ mail_password }}
APPSMITH_MAIL_SMTP_AUTH= {{ mail_auth }}
# ******************************
# ******** Google OAuth ********
{% if not google_client_id or not google_secret_id %}
#APPSMITH_OAUTH2_GOOGLE_CLIENT_ID=
#APPSMITH_OAUTH2_GOOGLE_CLIENT_SECRET=
{% else %}
APPSMITH_OAUTH2_GOOGLE_CLIENT_ID={{ google_client_id }}
APPSMITH_OAUTH2_GOOGLE_CLIENT_SECRET={{ google_secret_id }}
{% endif %}
# ******************************
# ********* Github OAUth **********
{% if not google_client_id or not google_secret_id %}
#APPSMITH_OAUTH2_GITHUB_CLIENT_ID=
#APPSMITH_OAUTH2_GITHUB_CLIENT_SECRET=
{% else %}
APPSMITH_OAUTH2_GITHUB_CLIENT_ID={{ github_client_id }}
APPSMITH_OAUTH2_GITHUB_CLIENT_SECRET={{ github_client_secret }}
{% endif %}
# *********************************
# ******** Google Maps ***********
APPSMITH_GOOGLE_MAPS_API_KEY= {{ google_maps_api_key}}
# ********************************
# ******** Database *************
APPSMITH_REDIS_URL=redis://redis:6379
APPSMITH_MONGODB_URI=mongodb://{{ mongo_root_user }}:{{ mongo_root_password }}@{{ mongo_host }}/{{ mongo_database }}?retryWrites=true
# *******************************
APPSMITH_DISABLE_TELEMETRY={{ disable_telemetry }}
# ******** Google Recaptcha Keys ***********
APPSMITH_RECAPTCHA_SITE_KEY= {{ google_recaptcha_site_key }}
APPSMITH_RECAPTCHA_SECRET_KEY= {{ google_recaptcha_secrete_key }}
APPSMITH_RECAPTCHA_ENABLED= {{ google_recaptcha_enabled }}
# ********************************
# ******** Intercom **************
APPSMITH_DISABLE_INTERCOM= {{ disable_intercom }}
# ********************************

2
deploy/ansible/appsmith_playbook/roles/generate_template/templates/encryption.env.j2
View File

@ -1,2 +0,0 @@
APPSMITH_ENCRYPTION_PASSWORD={{ user_encryption_password }}
APPSMITH_ENCRYPTION_SALT= {{ user_encryption_salt }}

1529
deploy/ansible/appsmith_playbook/roles/generate_template/templates/mongo-init.js.j2
View File

File diff suppressed because it is too large Load Diff

126
deploy/ansible/appsmith_playbook/roles/generate_template/templates/nginx-app.conf.j2
View File

@ -1,126 +0,0 @@
map $http_x_forwarded_proto $origin_scheme {
default $http_x_forwarded_proto;
'' $scheme;
}
server {
listen 80;
server_name {{ custom_domain }};
client_max_body_size 100m;
gzip on;
root /var/www/appsmith;
index index.html index.htm;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
proxy_set_header X-Forwarded-Proto $origin_scheme;
proxy_set_header X-Forwarded-Host $host;
location / {
try_files $uri /index.html =404;
sub_filter __APPSMITH_SENTRY_DSN__ '{{ sentry_dns }}';
sub_filter __APPSMITH_SMART_LOOK_ID__ '{{ smart_look_id }}';
sub_filter __APPSMITH_OAUTH2_GOOGLE_CLIENT_ID__ '{{ google_client_id }}';
sub_filter __APPSMITH_OAUTH2_GITHUB_CLIENT_ID__ '{{ github_client_id }}';
sub_filter __APPSMITH_DISABLE_TELEMETRY__ '{{ disable_telemetry }}';
sub_filter __APPSMITH_MARKETPLACE_ENABLED__ '{{ marketplace_enabled }}';
sub_filter __APPSMITH_SEGMENT_KEY__ '{{ segment_key }}';
sub_filter __APPSMITH_OPTIMIZELY_KEY__ '{{ segment_key }}';
sub_filter __APPSMITH_ALGOLIA_API_ID__ '{{ algolia_api_id }}';
sub_filter __APPSMITH_ALGOLIA_SEARCH_INDEX_NAME__ '{{ algolia_search_index_name }}';
sub_filter __APPSMITH_ALGOLIA_API_KEY__ '{{ algolia_api_key }}';
sub_filter __APPSMITH_CLIENT_LOG_LEVEL__ '{{ client_log_level }}';
sub_filter __APPSMITH_GOOGLE_MAPS_API_KEY__ '{{ google_maps_api_key }}';
sub_filter __APPSMITH_TNC_PP__ '{{ tnc_pp }}';
sub_filter __APPSMITH_VERSION_ID__ '{{ version_id }}';
sub_filter __APPSMITH_VERSION_RELEASE_DATE__ '{{ version_release_date }}';
sub_filter __APPSMITH_INTERCOM_APP_ID__ '{{ intercom_app_id }}';
sub_filter __APPSMITH_MAIL_ENABLED__ '{{ mail_enabled }}';
sub_filter __APPSMITH_RECAPTCHA_SITE_KEY__ '{{ google_recaptcha_site_key }}';
sub_filter __APPSMITH_RECAPTCHA_SECRET_KEY__ '{{ google_recaptcha_secrete_key }}';
sub_filter __APPSMITH_RECAPTCHA_ENABLED__ '{{ google_recaptcha_enabled }}';
sub_filter __APPSMITH_DISABLE_INTERCOM__ '{{ disable_intercom }}';
}
location /f {
proxy_pass https://cdn.optimizely.com/;
}
location /api {
proxy_pass http://appsmith-internal-server:8080;
}
location /oauth2 {
proxy_pass http://appsmith-internal-server:8080;
}
location /login {
proxy_pass http://appsmith-internal-server:8080;
}
}
{{ ssl_cmt }} server {
{{ ssl_cmt }} listen 443 ssl;
{{ ssl_cmt }} server_name {{ custom_domain }};
{{ ssl_cmt }} ssl_certificate /etc/letsencrypt/live/{{ custom_domain }}/fullchain.pem;
{{ ssl_cmt }} ssl_certificate_key /etc/letsencrypt/live/{{ custom_domain }}/privkey.pem;
{{ ssl_cmt }} include /etc/letsencrypt/options-ssl-nginx.conf;
{{ ssl_cmt }} ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
{{ ssl_cmt }} proxy_set_header X-Forwarded-Proto $origin_scheme;
{{ ssl_cmt }} proxy_set_header X-Forwarded-Host $host;
{{ ssl_cmt }} root /var/www/appsmith;
{{ ssl_cmt }} index index.html index.htm;
{{ ssl_cmt }} location / {
{{ ssl_cmt }} try_files $uri /index.html =404;
{{ ssl_cmt }} sub_filter __APPSMITH_SENTRY_DSN__ '{{ sentry_dns }}';
{{ ssl_cmt }} sub_filter __APPSMITH_SMART_LOOK_ID__ '{{ smart_look_id }}';
{{ ssl_cmt }} sub_filter __APPSMITH_OAUTH2_GOOGLE_CLIENT_ID__ '{{ google_client_id }}';
{{ ssl_cmt }} sub_filter __APPSMITH_OAUTH2_GITHUB_CLIENT_ID__ '{{ github_client_id }}';
{{ ssl_cmt }} sub_filter __APPSMITH_DISABLE_TELEMETRY__ '{{ disable_telemetry }}';
{{ ssl_cmt }} sub_filter __APPSMITH_MARKETPLACE_ENABLED__ '{{ marketplace_enabled }}';
{{ ssl_cmt }} sub_filter __APPSMITH_SEGMENT_KEY__ '{{ segment_key }}';
{{ ssl_cmt }} sub_filter __APPSMITH_OPTIMIZELY_KEY__ '{{ segment_key }}';
{{ ssl_cmt }} sub_filter __APPSMITH_ALGOLIA_API_ID__ '{{ algolia_api_id }}';
{{ ssl_cmt }} sub_filter __APPSMITH_ALGOLIA_SEARCH_INDEX_NAME__ '{{ algolia_search_index_name }}';
{{ ssl_cmt }} sub_filter __APPSMITH_ALGOLIA_API_KEY__ '{{ algolia_api_key }}';
{{ ssl_cmt }} sub_filter __APPSMITH_CLIENT_LOG_LEVEL__ '{{ client_log_level }}';
{{ ssl_cmt }} sub_filter __APPSMITH_GOOGLE_MAPS_API_KEY__ '{{ google_maps_api_key }}';
{{ ssl_cmt }} sub_filter __APPSMITH_TNC_PP__ '{{ tnc_pp }}';
{{ ssl_cmt }} sub_filter __APPSMITH_VERSION_ID__ '{{ version_id }}';
{{ ssl_cmt }} sub_filter __APPSMITH_VERSION_RELEASE_DATE__ '{{ version_release_date }}';
{{ ssl_cmt }} sub_filter __APPSMITH_INTERCOM_APP_ID__ '{{ intercom_app_id }}';
{{ ssl_cmt }} sub_filter __APPSMITH_MAIL_ENABLED__ '{{ mail_enabled }}';
{{ ssl_cmt }} sub_filter __APPSMITH_RECAPTCHA_SITE_KEY__ '{{ google_recaptcha_site_key }}';
{{ ssl_cmt }} sub_filter __APPSMITH_RECAPTCHA_SECRET_KEY__ '{{ google_recaptcha_secrete_key }}';
{{ ssl_cmt }} sub_filter __APPSMITH_RECAPTCHA_ENABLED__ '{{ google_recaptcha_enabled }}';
{{ ssl_cmt }} sub_filter __APPSMITH_DISABLE_INTERCOM__ '{{ disable_intercom }}';
{{ ssl_cmt }} }
{{ ssl_cmt }} location /f {
{{ ssl_cmt }} proxy_pass https://cdn.optimizely.com/;
{{ ssl_cmt }} }
{{ ssl_cmt }} location /api {
{{ ssl_cmt }} proxy_pass http://appsmith-internal-server:8080;
{{ ssl_cmt }} }
{{ ssl_cmt }} location /oauth2 {
{{ ssl_cmt }} proxy_pass http://appsmith-internal-server:8080;
{{ ssl_cmt }} }
{{ ssl_cmt }} location /login {
{{ ssl_cmt }} proxy_pass http://appsmith-internal-server:8080;
{{ ssl_cmt }} }
{{ ssl_cmt }} }

6
deploy/ansible/appsmith_playbook/roles/base/defaults/main.yml → deploy/ansible/appsmith_playbook/roles/setup-appsmith/defaults/main.yml
View File

@ -1,7 +1,7 @@
---
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_package: "docker-{{ docker_edition }}"
docker_package: 'docker-{{ docker_edition }}'
docker_package_state: present
# Service options.
@ -11,13 +11,13 @@ docker_restart_handler_state: restarted
# Docker Compose options.
docker_install_compose: true
docker_compose_version: "1.27.0"
docker_compose_version: 'v2.1.1'
docker_compose_path: /usr/local/bin/docker-compose
# Used only for Debian/Ubuntu. Switch 'stable' to 'edge' if needed.
docker_apt_release_channel: stable
docker_apt_arch: amd64
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
docker_apt_repository: 'deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}'
docker_apt_ignore_key_error: true
docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg

8
deploy/ansible/appsmith_playbook/roles/setup-appsmith/tasks/main.yml Normal file
View File

@ -0,0 +1,8 @@
---
- include_tasks: preflight.yml
- include_tasks: setup-ubuntu.yml
- include_tasks: setup-docker.yml
- include_tasks: setup-appsmith.yml

35
deploy/ansible/appsmith_playbook/roles/setup-appsmith/tasks/preflight.yml Normal file
View File

@ -0,0 +1,35 @@
---
- name: Check folder installation exist and empty
find:
paths: '{{ install_dir }}'
register: filesFound
- fail:
msg: 'The {{ install_dir }} folder is existed and not empty'
when: filesFound.matched > 0
- name: Check port 80 is listening
wait_for:
port: 80
delay: 2
timeout: 5
msg: 'Timeout waiting for 80 to respond'
register: port_80
ignore_errors: yes
- fail:
msg: 'Port 80 is running'
when: port_80.failed == false
- name: Check port 443 is listening
wait_for:
port: 443
delay: 2
timeout: 5
msg: 'Timeout waiting for 443 to respond'
register: port_443
ignore_errors: yes
- fail:
msg: 'Port 443 is running'
when: port_443.failed == false

16
deploy/ansible/appsmith_playbook/roles/setup-appsmith/tasks/setup-appsmith.yml Normal file
View File

@ -0,0 +1,16 @@
---
- name: Create installation folder
file:
path: '{{ install_dir }}'
state: directory
- name: Download docker-compose.yml
get_url:
url: https://raw.githubusercontent.com/appsmithorg/appsmith/release/deploy/aws_ami/docker-compose.yml
dest: '{{ install_dir }}'
mode: 0440
- name: Start Appsmith
shell: docker-compose up -d
args:
chdir: '{{ install_dir }}'

29
deploy/ansible/appsmith_playbook/roles/base/tasks/install-docker.yml → deploy/ansible/appsmith_playbook/roles/setup-appsmith/tasks/setup-docker.yml
View File

@ -1,25 +1,22 @@
---
- include_tasks: setup-ubuntu.yml
when: ansible_os_family == 'Debian'
- name: Install Docker.
- name: Install Docker
package:
name: "{{ docker_package }}"
state: "{{ docker_package_state }}"
name: '{{ docker_package }}'
state: '{{ docker_package_state }}'
become: yes
- name: Ensure Docker is started and enabled at boot.
- name: Ensure Docker is started and enabled at boot
service:
name: docker
state: "{{ docker_service_state }}"
enabled: "{{ docker_service_enabled }}"
state: '{{ docker_service_state }}'
enabled: '{{ docker_service_enabled }}'
- name: Ensure handlers are notified now to avoid firewall conflicts.
- name: Ensure handlers are notified now to avoid firewall conflicts
meta: flush_handlers
- name: Ensure docker users are added to the docker group.
- name: Ensure docker users are added to the docker group
user:
name: "{{ ansible_user }}"
name: '{{ ansible_user }}'
groups: docker
append: true
become: yes
@ -27,15 +24,15 @@
- name: reset ssh connection to allow user changes to affect 'current login user'
meta: reset_connection
- name: Check current docker-compose version.
- name: Check current docker-compose version
command: docker-compose --version
register: docker_compose_current_version
changed_when: false
failed_when: false
- name: Delete existing docker-compose version if it's different.
- name: Delete existing docker-compose version if it's different
file:
path: "{{ docker_compose_path }}"
path: '{{ docker_compose_path }}'
state: absent
when: >
docker_compose_current_version.stdout is defined
@ -45,6 +42,6 @@
- name: Install Docker-compose
get_url:
url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64
dest: "{{ docker_compose_path }}"
dest: '{{ docker_compose_path }}'
mode: 0755
become: yes

53
deploy/ansible/appsmith_playbook/roles/setup-appsmith/tasks/setup-ubuntu.yml Normal file
View File

@ -0,0 +1,53 @@
---
- name: Upgrade all packages to the latest version
apt:
name: '*'
state: latest
become: yes
- name: Install required system packages
apt:
update_cache: yes
name:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- python3-pip
- virtualenv
- python3-setuptools
state: latest
become: yes
tags:
- always
- name: Ensure old versions of Docker are not installed
package:
name:
- docker
- docker-engine
state: absent
- name: Ensure dependencies are installed
apt:
name:
- apt-transport-https
- ca-certificates
- gnupg2
- curl
state: present
become: yes
- name: Add Docker apt key
shell: >
curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add -
args:
warn: false
become: yes
- name: Add Docker repository
apt_repository:
repo: '{{ docker_apt_repository }}'
state: present
update_cache: true
become: yes

9
deploy/ansible/appsmith_playbook/roles/start_app/handlers/main.yml
View File

@ -1,9 +0,0 @@
---
- name: Send request to integromat when start app with docker
uri:
url: "{{ analytics_webhook_uri }}"
method: POST
body: "{\"userId\":\"{{ app_installation_id.content }}\",\"event\":\"Start app\",\"data\":{\"os\":\"{{ os.stdout }}\", \"platform\": \"ansible\"}}"
body_format: json
return_content: yes
listen: "Start Appsmith with docker-compose"

6
deploy/ansible/appsmith_playbook/roles/start_app/tasks/main.yml
View File

@ -1,6 +0,0 @@
---
- name: Start Appsmith
shell: docker-compose up --build -d
args:
chdir: "{{ install_dir}}/"
notify: "Start Appsmith with docker-compose"