Playbook variables

This is a reference of available Ansible Playbook variables for websauna.ansible playbook. See deployment documentation for more information.

Required

These variables are required to be filled in for every websauna.ansible playbook. You usually declare them in vars section in your playbook.yml file.

backup

Do we install an automatic Duplicity backup script. If òn` you need have credentials for Duplicity backup scripts in the secrets INI file.

Default value not set.

celery

Use Celery to process asynchronous tasks

Default value not set.

cloudflare

Do we use cloudflare.com proxy at the front of the side. If yes then Nginx is made to accept HTTP/HTTPS connections from Cloudflare servers only.

Default value not set.

git_branch

What Git branch we deploy on this server. Usually master.

Default value not set.

git_repository

What is the Git repository URL for deployed Websauna application. E.g. git@bitbucket.org:miohtama/example.git

Default value not set.

ini_secrets_file

A local path to a file where production-secrets.ini file is. This file contains API tokens like Facebook API keys, session randomization seeds and such. Example: ../myapp/conf/production-secrets.ini

Default value not set.

letsenrypt

Do we automatically fecth and install a TSL certificate for Nginx HTTPS traffic from letsencrypt.com. If on you must supply a valid server_name and have DNS configured.

Default value not set.

new_relic

Do we use NewRelic.com monitoring for the server. If on you need to supply New Relic API key.

Default value not set.

notify_email

Where do we send email about server logs, failures, cron jobs. Use your sysadmin email address.

Default value not set.

package_name

The Python package name which we are going to deploy as Websauna application on the server. Usually like my.app, one generated by Websauna application cookiecutter.

Default value not set.

package_path

Path, inside the package, to the top level module. Usually like my/app, one generated by Websauna application cookiecutter.

Default value not set.

server_email

What From: email addresses server uses for outgoing email notifications. Example: no-reply@example.com

Default value not set.

server_email_domain

What this the suffix domain used by Postfix when generating emails from this server. Example: example.com

Default value not set.

server_name

What is the DNS address and Nginx server_name this site should reply. Example: mysite.example.com.

Default value not set.

site_id

site_id is referred in folders and files generated by the playbook. Usually same as the package name.

Default value not set.

site_mode

Site mode is either staging or production. This is used e.g. when generating database names, so that different environments get their own database.

Default value not set.

smtp

Do we configure outbound email through mandrill.com service. See Outbound email deployment documentation for more information. If not set you need to configure outbound email for Postfix yourself.

Default value not set.

ssl

Does Nginx accept HTTPS connections. If turned on you need to supply SSL certificate files for Playbook.

Default value not set.

websocket

Do we enable Websockets pass through in Nginx configuration. Required to run IPython Notebooks. Set to on.

Default value not set.

Optional

Variables defined here are optional for running Webasuna playbook. If you do not fill them Playbook doesn’t take any action or generate anything. Usually these variables are required only if you turn on some of the optional services is required variables.

htpasswd_password

Nginx htpasswd password to protect the site. Keep this in Ansible vault.

Default value not set.

htpasswd_user

Nginx htpasswd username to protect the site. Keep this in Ansible vault.

Default value not set.

ini_extra_settings

Extra settings placed in [app:main] section in generated production.ini. Example:

extra_ini_settings: |
    mail.host = mymailserver.internal
    websauna.superusers =
        mikko@example.com

Default value not set.

new_relic_license_key

API key for New Relic. Keep this in Ansible vault.

Default value not set.

nginx_ssl_certificate_path

Fill this variable if ssl is on. Server-side path to a TLS certificate file for Nginx. Usually .pem. Note that certificate and certificate key can be in same .pem file.

Default value not set.

nginx_ssl_certificate_path_key

Fill this variable if ssl is on. Server-side path to a TLS certificate key file for Nginx. Usually .pem. Note that certificate and certificate key can be in same .pem file.

Default value not set.

smpt_port

SMTP server port for outgoing email. Usually 587.

Default value not set.

smtp_password

SMTP service API key for outbound email.

Default value not set.

smtp_server

SMTP server name for outboind email.

Default value not set.

smtp_username

SMTP service username for outbound email. Your sign up email like mikko@example.com. Keep this in Ansible vault.

Default value not set.

Default

These are default Ansible variables consumed by various templates in Websauna deployment. They are generated based on core information you give it. You can override any of these variables by including another variable file after default.yml in your playbook using``include_vars`` Ansible command after default.yml is included in your playbook.

celery_log_level

Allow to debug Celery woes by enforcing log level on command line

Default value:

info

db_backup_dump_before_migration

Do a SQL dump before running migration scripts against the database. Expensive on larger systems.

Default value:

True

db_name

No description provided at the moment.

Default value:

{{ site_id }}_{{ site_mode }}

db_password

Generated PostgreSQL user password. Not used as the default PSQL authentication mode is trust.

Default value:

{{ wsgi_user }}

db_sqlalchemy_url

SQLAlchemy connection URL - by default PostgreSQL does not require authentication for local users

Default value:

postgresql://localhost/{{ db_name }}

db_user

Generated PostgreSQL user. Must match UNIX user running the application.

Default value:

{{ wsgi_user }}

dependencies

List of native dependencies needed to install and run Websauna

Default value:

- git
- supervisor
- build-essential
- libfreetype6-dev
- libncurses5-dev
- libxml2-dev
- libxslt1-dev
- libjpeg-dev
- libpng12-dev
- fail2ban
- gettext
- duplicity
- python-boto
- python-virtualenv
- libpq-dev
- libffi-dev
- libzmq3-dev
- ntp
- postgresql-client-common
- postgresql-client-9.3

deploy_location

: Where does the git checkout goes on the server

Default value:

/srv/pyramid/{{ package_name }}

local_certificate_file

A certificate file path on local environment to copy over to the server. Usually like certificate.pem. Note that certificate and certificate key can be in same .pem file. Leave empty if using Let’s Encrypt.

Default value not set.

local_key_file

A certificate file key on local environment to copy over to the server. Usually like certificate.pem. Note that certificate and certificate key can be in same .pem file. Leave empty if using Let’s Encrypt.

Default value not set.

nginx_access_log

Where does Nginx access log file goes

Default value:

/var/log/nginx/{{ site_id }}.access.log

nginx_config

Source template name for Nginx configuration

Default value:

nginx.conf

nginx_error_log

Where does Nginx error log file goes

Default value:

/var/log/nginx/{{ site_id }}.error.log

postfix_domain

Which is the domain name where our outboound email comes from

Default value:

{{ server_email_domain }}

postfix_notify_email

Sysadmin email for Postfix notify emails

Default value:

{{ notify_email }}

postgresql_admin_user

No description provided at the moment.

Default value:

postgres

postgresql_cluster_name

No description provided at the moment.

Default value:

main

postgresql_cluster_reset

No description provided at the moment.

Default value not set.

postgresql_databases

List of databases to be created By default include PostgreSQL PostGIS support (Geotypes), UUID and HSTORE

Default value:

- CommentedMap([('name', '{{\xa0db_name }}'), ('hstore', 'yes'), ('uuid_ossp', 'yes'), ('gis', 'yes')])

postgresql_default_auth_method

No description provided at the moment.

Default value:

trust

postgresql_encoding

No description provided at the moment.

Default value:

UTF-8

postgresql_ext_install_dev_headers

No description provided at the moment.

Default value:

yes

postgresql_ext_install_postgis

No description provided at the moment.

Default value:

yes

postgresql_ext_postgis_version

No description provided at the moment.

Default value:

2.2

postgresql_locale

No description provided at the moment.

Default value:

en_US.UTF-8

postgresql_user_privileges

No description provided at the moment.

Default value:

- CommentedMap([('name', '{{\xa0db_user }}'), ('db', '{{\xa0db_name }}'), ('priv', 'ALL'), ('role_attr_flags', 'CREATEDB')])

postgresql_users

No description provided at the moment.

Default value:

- CommentedMap([('name', '{{\xa0db_user }}'), ('pass', '{{\xa0db_password }}'), ('encrypted', 'no')])

postgresql_version

Installed PostgreSQL version

Default value:

9.5

pypi_index_url

PyPi mirror from where the packages are downloaded from. For an enterprise setup you might want to point this to your own server. For example custom PyPi hosting, see http://doc.devpi.net/

Default value:

https://pypi.python.org/simple

pyramid_notebook_notebook_folder

No description provided at the moment.

Default value:

{{ deploy_location}}/notebooks

python_interpreter

Name of the Python interpreter for creating the Websauna application virtual environment.

Default value:

python3.5

python_versions

Python versions to install on the server.

Default value:

- 3.5

supervisor_config

Supervisor config template. Create templates folder and supply your own supervisor startup handlers by giving a custom config filename here.

Default value:

supervisor.conf

uwsgi_config_source

Template used for uWSGI config

Default value:

uwsgi.ini

uwsgi_config_target

Where uWSGI config is placed on the server

Default value:

{{ websauna_conf_folder }}/uwsgi.ini

uwsgi_version

uWSGI version to install

Default value:

2.0.14

websauna_conf_folder

Deploy production.ini and production-secrets.ini here

Default value:

{{ deploy_location }}/{{ package_path }}/conf

websauna_config_file

The server path where we generate INI file for Pyramid. Ansible will fill in details like database.

Default value:

{{ websauna_conf_folder }}/generated.ini

websauna_config_includes

The [includes] section for generated configuration file

Default value:

resource://{{ package_name }}/conf/{{ site_mode }}.ini resource://websauna/conf/production.ini resource://{{ package_name }}/conf/base.ini resource://websauna/conf/base.ini

websauna_secrets_ini_file

Where we place secrets INI file on our server

Default value:

{{ websauna_conf_folder }}/generated-secrets.ini

websauna_wsgi_file

Where to deploy WSGI entry script

Default value:

{{ websauna_conf_folder }}/websauna.wsgi

wsgi_group

What is the name of the unix group owning /srv/pyramid/myapp files

Default value:

wsgi

wsgi_user

No description provided at the moment.

Default value:

wsgi