1 files changed, 252 insertions, 0 deletions

diff --git a/posts/2014-01-04-setting-up-cgit-with-ansible.org b/posts/2014-01-04-setting-up-cgit-with-ansible.org
new file mode 100644
index 0000000..80dbfe4
--- /dev/null
+++ b/posts/2014-01-04-setting-up-cgit-with-ansible.org
@@ -0,0 +1,252 @@
+I've [[/ansible-and-chef/][already write]] about
+[[http://www.ansibleworks.com/][Ansible]]. I use it to manage and
+configure my servers (most of them are VMs running on my laptop, but the
+idea is the same). One of the server is used to store my personal git
+repositories, and I wanted to use [[http://git.zx2c4.com/cgit/][cgit]]
+as the front end for the public repositories instead of the old and slow
+[[https://git.wiki.kernel.org/index.php/Gitweb][gitweb]].
+
+Since there's no package in Debian for cgit, I need to have an easy
+procedure to install it. I'll show how I do it with Ansible. This could
+be useful if you're learning about Ansible are you're looking for a
+simple use case.
+
+** Work directory
+
+The work directory contains a bunch of files:
+
+-  $workdir/hosts - local inventory with all the hosts, grouped by
+   categories
+-  $workdir/$hostname.yml - play book for a given host (more about this
+   file later)
+-  $workdir/roles/git - directory containing templates, tasks and
+   handlers for installing cgit
+-  $workdir/vars/$hostname.yml - contains all the variable needed to
+   install cgit
+
+#+BEGIN_QUOTE
+  Replace $hostname with the name of the host you want to use for cgit.
+#+END_QUOTE
+
+** Handlers
+
+In my case, cgit is hosted behind Nginx, so first, we need a handler to
+restart it after changing Nginx's configuration.
+
+#+BEGIN_EXAMPLE
+    # roles/git/handlers/main.yml
+    - name: restart nginx
+      service: name=nginx state=restarted
+#+END_EXAMPLE
+
+** Roles
+
+Now we need to define our role for cgit. The idea is to install the
+required packages to be able to build cgit, to create the directories
+where we will store our repositories, and actually build cgit.
+
+#+BEGIN_EXAMPLE
+    # roles/git/tasks/main.yml
+    - name: Set the directory for public repos
+      file: path=/srv/git/public
+            owner=www-data
+            group=www-data
+            mode=0770 recurse=yes
+            state=directory
+
+    - name: Set the directory for private repos
+      file: path=/srv/git/private
+            owner=www-data
+            group=www-data
+            mode=0770
+            recurse=yes
+            state=directory
+
+    - name: Install necessities for cgit
+      apt: pkg={{ item }} state=installed
+      with_items:
+        - build-essential
+        - autoconf
+        - automake
+        - libtool
+        - libfcgi-dev
+        - libssl-dev
+        - spawn-fcgi
+        - highlight
+        - fcgiwrap
+
+    - name: Create cgit web directory
+      file: path=/srv/www/{{ cgit_subdomain }}.{{ domain }}
+            recurse=yes
+            state=directory
+            owner=www-data
+
+    - name: Download cgit tarbal
+      get_url: url=http://git.zx2c4.com/cgit/snapshot/cgit-0.9.2.zip
+               dest=/tmp/cgit-0.9.2.zip
+               force=no
+
+    - name: Unzip cgit
+      command: unzip -qo /tmp/cgit-0.9.2.zip -d /tmp
+
+    - name: Configure cgit installation
+      template: src=cgit.conf.j2 dest=/tmp/cgit-0.9.2/cgit.conf
+
+    - name: Install cgit
+      shell: make get-git && make && make install chdir=/tmp/cgit-0.9.2
+
+    - name: Set permissions for cgit
+      file: path=/srv/www/{{ cgit_subdomain }}.{{ domain }}
+            owner=www-data
+            state=directory
+            recurse=yes
+
+    - name: Configure the nginx HTTP server for cgit
+      template: src=etc_nginx_sites-available_cgit.j2
+                dest=/etc/nginx/sites-available/{{ cgit_subdomain }}.{{ domain }}
+                group=www-data
+                owner=www-data
+
+    - name: Configure cgit
+      template: src=etc_cgitrc.j2
+                dest=/etc/cgitrc
+                group=www-data
+                owner=www-data
+
+    - name: Enable cgit
+      file: src=/etc/nginx/sites-available/{{ cgit_subdomain }}.{{ domain }}
+            dest=/etc/nginx/sites-enabled/{{ cgit_subdomain }}.{{ domain }}
+            state=link
+            group=www-data
+            owner=www-data
+      notify: restart nginx
+
+    - name: Backup git directory
+      template: src=etc_cron.hourly_git-backup.j2
+                dest=/etc/cron.hourly/git-backup
+                mode=0755
+#+END_EXAMPLE
+
+** Templates
+
+We need a bunch of templates to configure and build our tools. Let's
+start with *cgit.conf*.
+
+#+BEGIN_SRC sh
+    # roles/git/templates/cgit.conf.j2
+
+    CGIT_SCRIPT_PATH = /srv/www/{{ cgit_subdomain }}.{{ domain }}
+#+END_SRC
+
+This file is used when we build cgit to install it to a specific
+location.
+
+The next template is to configure cgit.
+
+#+BEGIN_EXAMPLE
+    # roles/git/templates/etc_cgitrc.j2
+
+    root-desc=Franck Cuny's projects
+    virtual-root=/
+    logo=/cgit.png
+    css=/cgit.css
+    scan-path=/srv/git/public
+    remove-suffix=1
+    clone-prefix=http://git.$hostname.net
+#+END_EXAMPLE
+
+This template is to configure nginx.
+
+#+BEGIN_EXAMPLE
+    # roles/git/templates/etc_nginx_sites-available_cgit.j2
+
+    server {
+        listen 80;
+        server_name  "{{ cgit_subdomain}}.{{ domain }}";
+        root /srv/www/{{ cgit_subdomain }}.{{ domain }};
+
+        location / {
+             try_files $uri @cgit;
+        }
+
+        location @cgit {
+            index cgit.cgi;
+
+            fastcgi_param  SCRIPT_FILENAME    $document_root/cgit.cgi;
+
+            fastcgi_pass unix:/run/fcgiwrap.socket;
+            fastcgi_param HTTP_HOST $server_name;
+            fastcgi_param PATH_INFO $uri;
+            fastcgi_param QUERY_INFO $uri;
+            include "fastcgi_params";
+        }
+
+        error_log         /var/log/nginx/{{ cgit_subdomain }}.{{ domain }}-error.log;
+        access_log        /var/log/nginx/{{ cgit_subdomain }}.{{ domain }}-access.log;
+    }
+#+END_EXAMPLE
+
+** Backing up on s3
+
+I backup all my git repositories to a bucket on s3. In order to do that,
+you'll need either a new role or to update the current one by adding the
+following instructions.
+
+#+BEGIN_EXAMPLE
+    - name: Install s3cmd
+      apt: pkg=s3cmd
+
+    - name: Configure s3cmd
+      sudo: false
+      template:
+        src="s3cfg.j2"
+        dest="/root/.s3cfg"
+
+    - name: Backup git directory
+      template: src=etc_cron.hourly_git-backup.j2
+                dest=/etc/cron.hourly/git-backup
+                mode=0755
+#+END_EXAMPLE
+
+We need a template to configure our access to s3.
+
+#+BEGIN_EXAMPLE
+    [default]
+    access_key = {{ aws_access_key }}
+    secret_key = {{ aws_secret_key }}
+    use_https = True
+#+END_EXAMPLE
+
+And another template for our cron job.
+
+#+BEGIN_SRC sh
+    #!/bin/sh
+    s3cmd sync -v /srv/git/ s3://$hostname-backup/git/ > /tmp/s3_backup_git.log 2>&1
+#+END_SRC
+
+** Variables
+
+I have a file named *vars/$hostname.yml* that contains the
+
+#+BEGIN_EXAMPLE
+    domain: $hostname.net
+    cgit_subdomain: git
+
+    aws_access_key: access-key
+    aws_secret_key: secret-key
+#+END_EXAMPLE
+
+** Play time
+
+The content of the playbook
+
+#+BEGIN_EXAMPLE
+    - hosts: $hostname
+      vars_files:
+        - vars/$hostname.yml
+      roles:
+        - git
+#+END_EXAMPLE
+
+Now I can tell Ansible to run this playbook, and this will install cgit
+on my server: =ansible-playbook -i hosts lj.yml=.