Merge pull request #2974 from edx/benp/neo4j-role

Neo4j community edition role

Merge pull request #2974 from edx/benp/neo4j-role
Neo4j community edition role
89192081 · Fred Smith · GitHub · 70d9081e · be3b95ca · 89192081
Commit 89192081 authored Jul 25, 2016 by Fred Smith Committed by GitHub Jul 25, 2016
5 changed files
--- a/playbooks/edx-east/neo4j.yml
+++ b/playbooks/edx-east/neo4j.yml
+- name: Deploy neo4j for coursegraph
+  hosts: all
+  sudo: True
+  gather_facts: True
+  vars:
+    CLUSTER_NAME: 'coursegraph'
+  roles:
+    - role: nginx
+      nginx_template_dir: "../roles/neo4j/templates/edx/app/nginx/sites-available"
+      nginx_sites:
+        - coursegraph
+      nginx_default_sites:
+        - coursegraph
+#    - aws
+    - neo4j
--- a/playbooks/roles/neo4j/defaults/main.yml
+++ b/playbooks/roles/neo4j/defaults/main.yml
+---
+#
+#  Adds the latest stable package of neo4j community edition
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://openedx.atlassian.net/wiki/display/OpenOPS
+# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+##
+# Defaults for role neo4j
+#
+
+#
+# vars are namespaced with the module name.
+#
+NEO4J_SERVER_NAME: "localhost"
+
+neo4j_gpg_key_url: https://debian.neo4j.org/neotechnology.gpg.key
+neo4j_apt_repository: "deb http://debian.neo4j.org/repo stable/"
+neo4j_version: "3.0.3"
+neo4j_server_config_file: "/etc/neo4j/neo4j-server.properties"
+neo4j_https_port: 7473  # default in package is 7473
+neo4j_http_port: 7474  # default in package is 7474
+
+# Properties file settings
+neo4j_address_settings_key: "org.neo4j.server.webserver.address"
+neo4j_https_settings_key: "org.neo4j.server.webserver.https.port"
+neo4j_http_settings_key: "org.neo4j.server.webserver.port"
--- a/playbooks/roles/neo4j/meta/main.yml
+++ b/playbooks/roles/neo4j/meta/main.yml
+---
+dependencies:
+  - common
+  - role: oraclejdk
+    oraclejdk_version: "8u60"
+    oraclejdk_base: "jdk1.8.0_60"
+    oraclejdk_build: "b27"
+    oraclejdk_link: "/usr/lib/jvm/java-8-oracle"
--- a/playbooks/roles/neo4j/tasks/main.yml
+++ b/playbooks/roles/neo4j/tasks/main.yml
+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://openedx.atlassian.net/wiki/display/OpenOPS
+# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+#
+#
+# Tasks for role neo4j
+#
+# Overview:
+#
+#
+# Dependencies:
+#
+#
+# Example play:
+#
+#
+
+- name: add neo4j gpg key
+  apt_key:
+    url: "{{ neo4j_gpg_key_url }}"
+    state: present
+  tags:
+    - install
+    - install:system-requirements
+
+- name: add neo4j apt repository
+  apt_repository:
+    repo: "{{ neo4j_apt_repository }}"
+    state: present
+  tags:
+    - install
+    - install:system-requirements
+
+- name: install neo4j
+  apt:
+    name: "neo4j={{neo4j_version}}"
+    state: present
+  tags:
+    - install
+    - install:base
+
+- name: set to listen on all IPs
+  lineinfile:
+    dest: "{{ neo4j_server_config_file }}"
+    regexp: "{{ neo4j_address_settings_key }}="
+    line: "{{ neo4j_address_settings_key }}=0.0.0.0"
+    state: present
+  tags:
+    - install
+    - install:configuration
+
+- name: set to listen on specific port for https
+  lineinfile:
+    dest: "{{ neo4j_server_config_file }}"
+    regexp: "{{ neo4j_https_settings_key }}="
+    line: "{{ neo4j_https_settings_key }}={{ neo4j_https_port }}"
+  tags:
+    - install
+    - install:configuration
+
+- name: set to listen on specific port for http
+  lineinfile:
+    dest: "{{ neo4j_server_config_file }}"
+    regexp: "{{ neo4j_http_settings_key }}="
+    line: "{{ neo4j_http_settings_key }}={{ neo4j_http_port }}"
+  tags:
+    - install
+    - install:configuration
+
+- name: restart neo4j
+  service: 
+    name: neo4j-service 
+    state: restarted
+  tags:
+    - manage
+    - manage:start
--- a/playbooks/roles/neo4j/templates/edx/app/nginx/sites-available/coursegraph.j2
+++ b/playbooks/roles/neo4j/templates/edx/app/nginx/sites-available/coursegraph.j2
+#
+# {{ ansible_managed }}
+#
+
+
+{% if nginx_default_sites is defined and "neo4j" in nginx_default_sites %}
+  {% set default_site = "default" %}
+{% else %}
+  {% set default_site = "" %}
+{% endif %}
+
+server {
+  server_name {{ NEO4J_SERVER_NAME }};
+
+  {% if NGINX_ENABLE_SSL %}
+
+  listen 443 ssl;
+  ssl_certificate /etc/ssl/certs/{{ NGINX_SSL_CERTIFICATE|basename }};
+  ssl_certificate_key /etc/ssl/private/{{ NGINX_SSL_KEY|basename }};
+  # request the browser to use SSL for all connections
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+  {% else %}
+  listen 80 {{ default_site }};
+  {% endif %}
+
+
+  location / {
+    try_files $uri @proxy_to_app;
+  }
+
+  location @proxy_to_app {
+    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+    proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
+    proxy_set_header X-Forwarded-For $http_x_forwarded_for;
+    proxy_set_header Host $http_host;
+
+    proxy_redirect off;
+    proxy_pass http://127.0.0.1:{{ neo4j_http_port }};
+  }
+
+  # Forward to HTTPS if we're an HTTP request...
+  if ($http_x_forwarded_proto = "http") {
+    set $do_redirect "true";
+  }
+
+  # Run our actual redirect...
+  if ($do_redirect = "true") {
+    rewrite ^ https://$host$request_uri? permanent;
+  }
+}