Commit a07fe6cf authored by Torsten N. Fit's avatar Torsten N. Fit

Initial commit

parents
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
---
# defaults
otree_user: "ot"
otree_prod_port: 8000
otree_dev_port: 8100
otree_fqdn: "otree.local"
otree_repo: "https://gitlab.au.dk/otree/otree_example_apps.git"
# https://gitlab+deploy-token-36:change-me@gitlab.au.dk/otree/test.git
# https://docs.gitlab.com/ee/user/project/deploy_tokens/#git-clone-a-repository
otree_admin_password='my_otree_admin_pw'
...
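Review bot: The last entry, `otree_admin_password='my_otree_admin_pw'`, uses `=` where YAML needs `: `, so it is not a key/value pair and the defaults file will most likely fail to parse. Beyond the syntax, a working admin password should not ship as a role default. Leave the variable undefined here and have the playbook supply it from Ansible Vault, e.g. `otree_admin_password: "{{ vault_otree_admin_password }}"` (placeholder variable name). The commented deploy-token URL above it raises the same concern once filled in, because a token embedded in `otree_repo` is stored in the clone's `.git/config`.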
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC30KccO3dKcOJH70GYZWYzKtc6zcS+6cGzLPKLPNaFTwYhNk1CsnFt0WlsZYYj/VyV8zSNBiXHe2nN7WMjD85w1v2OLRjHE9tCYIjym8hX60Mmh5NoIJOs1ECTxDQIeachcL6F0PxsMXs659WBQMvZcyzBZCXUJRWBvkDitL6pVIf0CYhgfvgny8NfllkAqLxUwx+0uTO8HA2mWdI4n1tUvtu0S8xUjLyE1rYJOtlR8TcJSmVaaqbxu/KkPLVU1uQHKQMr2BVAoz4ePOghwKv855JhitAYRA4TmLyo3Ydkf7k8MX+deGnvhwWBk1Gs18XkDotKkbX1Vj6Hn8XyglSK3S2Nqt9u+9stloW/fN0l9OVY39WSRv6KRARFwQHUW93QrBOW7O7x5hRJGfoD2eWXZaUQ/Mr0/4rqIM56LaZp6bDNflB3kJsgR8vpkgSf0/PQGlDA2tM4hkfYIdP4zvKP+VP1UWJGMJikN/IaePu0iswE00zhEvU0uyxRQg2D9y8= admin
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDT5lSbstxCJXEdrFex7vcIXa2gjy9NCTxpCklI odXA1y7B/PPHb5bngSl0UCK2M6+FxZZoV/vOObeT63FQkWQWd+uXQbN2iBPtLR1irvK7plLctHiG Inu36QhX6kTdUsQrDW3Rizg/P6gwcG0b8GCwSqNltoxXX587B+cV0y6Qb5jP6/dgWeVWxM0SjOhg w2J70C3lY6QB3UvOQXVuW6pzIDd9rr41pAbXKcD4N8aNeohXNrlVrbw80nxZB9rYA6ERGGecbV5P fwBVxDhoSsL+/jHItWaqUJzI2wqXoZgpGOljslxKG6+oQGG4nGpflcGt3pSWClmITfqhIYkMVt73 tp1339@nyu.edu
\ No newline at end of file
---
# handlers file for au_otree_vm
- name: systemctl daemon-reload
ansible.builtin.shell: "XDG_RUNTIME_DIR=/run/user/{{ otree_uid }} systemctl --user daemon-reload"
become_user: "{{ otree_user }}"
- name: nginx restart
ansible.builtin.service:
name: nginx
state: restarted
become: True
- name: oTree prod
ansible.builtin.systemd:
name: otree_prod.service
state: restarted
enabled: yes
scope: user
environment:
XDG_RUNTIME_DIR: "/run/user/{{ otree_uid }}"
become_user: "{{ otree_user }}"
- name: oTree backup timer
ansible.builtin.systemd:
name: otree_backup.timer
state: restarted
enabled: yes
scope: user
environment:
XDG_RUNTIME_DIR: "/run/user/{{ otree_uid }}"
become_user: "{{ otree_user }}"
...
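Review bot: The `systemctl daemon-reload` handler shells out with a hand-built `XDG_RUNTIME_DIR=...` prefix, while the two oTree handlers further down already use `ansible.builtin.systemd` with `scope: user` and an `environment:` block. The same module can do the reload with `daemon_reload: true`, which removes the shell call and keeps the user-scope handlers uniform. All three of them depend on `otree_uid` having been set by an earlier `set_fact`, which deserves a comment at the top of the file. `enabled: yes` and `become: True` would read more consistently as `true`.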
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
---
# main tasks file for au_otree_vm
- name: Install software packages for oTree on Ubuntu 20.04
ansible.builtin.apt:
state: latest
update_cache: yes
pkg:
- acl
- python3.8
- python3-pip
- python3.8-venv
- sqlite3
- sqlitebrowser
- git
- libpq-dev
- nginx
- gzip
- tree
- neovim
become: True
- name: Include tasks for creating and setting up user account
ansible.builtin.include_tasks:
file: otree_user.yml
apply:
tags:
- user_create
- name: Get value of oTree user's uid
ansible.builtin.command:
cmd: "/usr/bin/id -u {{ otree_user }}"
register: otree_uid_cmd
changed_when: False
- name: Save value of oTree user's uid
ansible.builtin.set_fact:
otree_uid="{{ otree_uid_cmd.stdout }}"
- name: print oTree UID
debug:
var: otree_uid
verbosity: 1
- name: Include tasks for setting up network interface
ansible.builtin.include_tasks:
file: 'otree_setup.yml'
apply:
become_user: "{{ otree_user }}"
tags:
- user_config
- name: Include tasks for setting up automatic sqlite backups
ansible.builtin.include_tasks:
file: 'sqlite_backup.yml'
apply:
become_user: "{{ otree_user }}"
tags:
- sqlite_backup
- name: Include tasks for setting up Nginx as oTree proxy
ansible.builtin.include_tasks:
file: 'nginx_otree_proxy.yml'
apply:
become: True
tags:
- nginx
...
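Review bot: The three tasks that run `/usr/bin/id -u`, copy stdout into `otree_uid` with the `key=value` form of `set_fact`, and print it are repeated verbatim in the oTree setup and SQLite backup task files, so the copy here should be the only one. A simpler source is the `Create user account` task itself: adding `register: otree_account` there makes the uid available as `otree_account.uid` without a separate command. If `set_fact` stays, the mapping form `otree_uid: "{{ otree_uid_cmd.stdout }}"` is preferable to `key=value`. The package task's `state: latest` means each run may upgrade every listed package; `state: present` gives repeatable runs.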
--- # Nginx oTree proxysql_backend_servers
- name: Install Nginx
ansible.builtin.apt:
name: nginx
state: latest
cache_valid_time: 300
become: True
notify:
- 'nginx restart'
tags:
- nginx
- name: Enable Nginx server
ansible.builtin.service:
name: nginx
enabled: True
become: True
tags:
- nginx
- name: make oTree site available
ansible.builtin.template:
src: otree_nginx_site.j2
dest: '/etc/nginx/sites-available/otree'
become: True
notify:
- 'nginx restart'
tags:
- nginx
- name: make oTree site enabled
ansible.builtin.file:
path: '/etc/nginx/sites-enabled/otree'
src: '/etc/nginx/sites-available/otree'
state: 'link'
become: True
notify:
- 'nginx restart'
tags:
- nginx
- name: Disable default Nginx site
ansible.builtin.file:
path: '/etc/nginx/sites-enabled/default'
state: 'absent'
become: True
notify:
- 'nginx restart'
tags:
- nginx
...
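Review bot: `Install Nginx` repeats work the main task file already does, since `nginx` is in that file's `pkg` list, and with `state: latest` either task can upgrade and restart the proxy on any run. Using `state: present` in one place would make runs predictable. Every task here sets `become: True` and `tags: nginx`, which the including task already applies through `apply:`, so the per-task copies can go. The header comment `# Nginx oTree proxysql_backend_servers` looks like a stray paste and could read `# Nginx reverse proxy for oTree`.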
--- # Setup oTree for (and as) otree_user
- name: Set the base-dir for all oTree realated stuff
ansible.builtin.set_fact:
base_dir: "/home/{{ otree_user }}/otree_root"
- name: Setup folder-structure for Otree
ansible.builtin.file:
path: '{{ item }}'
state: 'directory'
recurse: True
owner: "{{ otree_user }}"
loop:
- "{{ base_dir }}/otree_proj"
- "{{ base_dir }}/otree_conf"
- "{{ base_dir }}/otree_db_backups"
- "/home/{{ otree_user }}/.config/systemd/user/"
become_user: "{{ otree_user }}"
- name: Setup Systemd services
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
loop:
- { src: "otree_prod_service.j2", dest: "/home/{{ otree_user }}/.config/systemd/user/otree_prod.service" }
- { src: "otree_dev_service.j2", dest: "/home/{{ otree_user }}/.config/systemd/user/otree_dev.service" }
- { src: "env_dev.j2", dest: "{{ base_dir }}/otree_conf/env_dev" }
- { src: "env_prod.j2", dest: "{{ base_dir }}/otree_conf/env_prod" }
become_user: "{{ otree_user }}"
notify:
- "systemctl daemon-reload"
- "oTree prod"
- name: Git clone the oTree app filesystem
ansible.builtin.git:
dest: "{{ base_dir }}/otree_proj"
version: 'master'
repo: "{{ otree_repo }}"
become_user: "{{ otree_user }}"
notify:
- "oTree prod"
failed_when: False
- name: Setup Python3.8 virtualenv for oTree
ansible.builtin.pip:
virtualenv: "{{ base_dir }}/venv_otree"
virtualenv_command: "/usr/bin/python3.8 -m venv venv_otree"
requirements: "{{ base_dir }}/otree_proj/requirements.txt"
become_user: "{{ otree_user }}"
notify:
- "oTree prod"
- name: Get value of oTree user's uid
ansible.builtin.command:
cmd: "/usr/bin/id -u {{ otree_user }}"
register: otree_uid_cmd
changed_when: False
- name: Save value of oTree user's uid
ansible.builtin.set_fact:
otree_uid="{{ otree_uid_cmd.stdout }}"
- name: print oTree UID
debug:
var: otree_uid
verbosity: 0
- name: oTree prod
ansible.builtin.systemd:
name: otree_prod.service
state: started
enabled: yes
scope: user
environment:
XDG_RUNTIME_DIR: "/run/user/{{ otree_uid }}"
become_user: "{{ otree_user }}"
...
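Review bot: `failed_when: False` on the `Git clone the oTree app filesystem` task hides a failed or partial clone, and the next task then installs whatever `requirements.txt` happens to be in `otree_proj`. Dropping the override, or narrowing it to the one condition it was meant to tolerate, lets the play stop at the real error. `version: 'master'` tracks a moving branch, so the code and Python dependencies deployed can change between runs without any change to the role; a variable holding a tag or commit id would make the deployed revision explicit. The `Setup Systemd services` template task sets no `mode`, and `env_prod` carries `OTREE_ADMIN_PASSWORD`, so the two env files should be written with `mode: '0600'`.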
--- # otree_user.yml - tasks for creating otree user
- name: Create user account
ansible.builtin.user:
name: "{{ otree_user }}"
shell: '/bin/bash'
password: "$6$acorn$uP9NVafE10jx7A43jebMz9rlttWbLm4Otmy/MqPCBBQ9g4unFjRtkzy1pJ61Gy.HCAXZXhxezrPpnnt68v6VR."
update_password: 'on_create'
- name: Add ssh-key to authorized_keys
ansible.posix.authorized_key:
user: "{{ otree_user }}"
state: present
key: '{{ item }}'
with_file:
- public_keys/admin
- name: Test if Linger is enabled for user
ansible.builtin.command:
cmd: loginctl show-user -p Linger {{ otree_user }}
register: linger_status
changed_when: False
failed_when: False
- name: Output from Linger status
ansible.builtin.debug:
var: linger_status
verbosity: 1
- name: Enable user to have systemd (user) service start on bootup
ansible.builtin.command: loginctl enable-linger {{ otree_user }}
when: linger_status.stdout != "Linger=yes"
...
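Review bot: The `password:` value in `Create user account` is a SHA-512 crypt hash with a fixed salt committed to the repository, so every host built from this role gets the same login password and the hash is exposed to offline guessing by anyone who can read the repository. Since access is granted through `authorized_key` in the next task, the account could be created with a locked password (`password: '!'`) or take the hash from a vaulted variable, e.g. `password: "{{ vault_otree_password_hash }}"` (placeholder name). Because of `update_password: 'on_create'`, hosts that were already provisioned keep the committed hash until it is changed explicitly, so rotating it needs a separate step.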
--- # Setup SQLite backup for oTree
- name: Setup folder-structure for SQLite backups
ansible.builtin.file:
path: '{{ item }}'
state: 'directory'
recurse: True
owner: "{{ otree_user }}"
loop:
- "{{ base_dir }}/otree_scripts"
- "{{ base_dir }}/otree_db_backups"
- "/home/{{ otree_user }}/.config/systemd/user/"
become_user: "{{ otree_user }}"
- name: Look for a LAST backup file
ansible.builtin.stat:
path: "{{ base_dir }}/otree_db_backups/LAST"
register: last_backup
- name: Create an empty file as LAST backup of SQLite
ansible.builtin.file:
path: "{{ base_dir }}/otree_db_backups/LAST"
state: touch
when: last_backup.stat.exists == False
become_user: "{{ otree_user }}"
- name: Setup Systemd services for scheduled backups
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- { src: "otree_backup_service.j2", dest: "/home/{{ otree_user }}/.config/systemd/user/otree_backup.service", mode: '0664' }
- { src: "otree_backup_timer.j2", dest: "/home/{{ otree_user }}/.config/systemd/user/otree_backup.timer", mode: '0664' }
- { src: "sqlite_backup.sh.j2", dest: "{{ base_dir }}/otree_scripts/sqlite_backup.sh", mode: '0774' }
become_user: "{{ otree_user }}"
notify:
- "systemctl daemon-reload"
- "oTree backup timer"
- name: Get value of XDG_RUNTIME_DIR - NB Get's the wrong user NOT oTree user => problem for handler (systemd)
ansible.builtin.set_fact:
xdg_runtime_dir="{{ lookup('env','XDG_RUNTIME_DIR') }}"
become_user: "{{ otree_user }}"
- name: Debug systemd env
ansible.builtin.debug:
var: xdg_runtime_dir
verbosity: 2
- name: Get value of oTree user's uid
ansible.builtin.command:
cmd: "/usr/bin/id -u {{ otree_user }}"
register: otree_uid_cmd
changed_when: False
- name: Save value of oTree user's uid
ansible.builtin.set_fact:
otree_uid="{{ otree_uid_cmd.stdout }}"
- name: print oTree UID
debug:
var: otree_uid
verbosity: 1
- name: enable and start oTree backup timer
ansible.builtin.systemd:
name: 'otree_backup.timer'
state: 'started'
enabled: yes
scope: 'user'
environment:
XDG_RUNTIME_DIR: "/run/user/{{ otree_uid }}"
become_user: "{{ otree_user }}"
...
\ No newline at end of file
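Review bot: The modes in the `Setup Systemd services for scheduled backups` loop leave the two unit files group-writable (`'0664'`) and the backup script group-writable and executable (`'0774'`), so any member of the files' group can change what the timer runs as the oTree user. `'0644'` for the units and `'0750'` for the script are sufficient. The `Get value of XDG_RUNTIME_DIR` task uses `lookup('env', ...)`, which is evaluated on the control node, as its own name concedes. Later tasks build the path from `otree_uid` instead, so that task and its debug companion can be removed. `when: last_backup.stat.exists == False` is more idiomatic as `when: not last_backup.stat.exists`.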
PATH=/home/{{ otree_user }}/.local/bin:{{ base_dir }}/venv_otree/bin:$PATH
VIRTUAL_ENV="/home/{{ otree_user }}/otree_root/venv_otree"
#_OLD_VIRTUAL_PATH="$PATH"
#LOCAL_PATH="/home/{{ otree_user }}/.local/bin"
#PATH="$VIRTUAL_ENV:$LOCAL_PATH:$PATH"
PATH=/home/{{ otree_user }}/.local/bin:{{ base_dir }}/venv_otree/bin:$PATH
OTREE_ADMIN_PASSWORD='dirt_poor_prod'
OTREE_PRODUCTION=1
OTREE_AUTH_LEVEL=DEMO
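Review bot: `OTREE_ADMIN_PASSWORD='dirt_poor_prod'` hard-codes the production admin password in the template, and the role's `otree_admin_password` default is never referenced. Rendering it as `OTREE_ADMIN_PASSWORD='{{ otree_admin_password }}'`, with the value supplied from Ansible Vault, keeps the secret out of the repository. `OTREE_AUTH_LEVEL=DEMO` next to `OTREE_PRODUCTION=1` deserves a comment saying it is intentional, since `STUDY` appears to be the level intended for real sessions (confirm against the oTree docs). Because the prod unit reads this file through `EnvironmentFile=`, the `$PATH` in the `PATH=` line is probably not expanded by systemd and would be taken literally; that should be verified on a provisioned host.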
[Unit]
Description=SQLite db backup for oTree
[Service]
ExecStart=/home/{{ otree_user }}/otree_root/otree_scripts/sqlite_backup.sh
[Install]
WantedBy=default.target
[Unit]
Description=Run SQLite backup script for oTree every 2 hours
[Timer]
OnActiveSec=15min
OnUnitActiveSec=2h
[Install]
WantedBy=timers.target
[Unit]
Description=Otree dev service
[Service]
Type=simple
ExecStart={{ base_dir }}/venv_otree/bin/otree devserver {{ otree_dev_port }}
WorkingDirectory={{ base_dir }}/otree_proj/
EnvironmentFile={{ base_dir }}/otree_conf/env_dev
server {
listen 80;
server_name {{ ansible_fqdn }};
location / {
proxy_pass http://localhost:{{ otree_prod_port }};
}
}
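Review bot: The server block listens only on port 80, so the oTree admin login and participant data cross the network unencrypted. Before this fronts a production server, the template should gain a `listen 443 ssl;` server with certificate paths taken from role variables, plus a redirect from port 80. `server_name` uses the gathered fact `ansible_fqdn`, while the role defines `otree_fqdn` in its defaults and never references it; one of the two should go. The `location /` block forwards no `Host` or `X-Forwarded-*` headers and no `Upgrade`/`Connection` headers, which oTree's WebSocket-based pages are likely to need (confirm against the oTree server setup documentation).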
[Unit]
Description=Otree prod service
[Service]
Type=simple
ExecStart={{ base_dir }}/venv_otree/bin/otree prodserver {{ otree_prod_port }}
WorkingDirectory={{ base_dir }}/otree_proj/
EnvironmentFile={{ base_dir }}/otree_conf/env_prod
[Install]
WantedBy=default.target
#!/bin/bash
DB_PATH="/home/{{ otree_user }}/otree_root/otree_proj"
BACKUP_PATH="/home/{{ otree_user }}/otree_root/otree_db_backups"
BACKUP_NAME="db_clone_$(date +"%FT%H%M")"
cd "$BACKUP_PATH"
/usr/bin/sqlite3 "${DB_PATH}/db.sqlite3" < <(echo -e .clone "${BACKUP_NAME}") > /dev/null
DB_DIFF=$(/usr/bin/sqldiff LAST "$BACKUP_NAME" | wc -c)
echo "db_diff: $DB_DIFF"
if [ $DB_DIFF -eq 0 ]; then
# The backup is identical to LAST backup
echo "Remove the new (dublicate) backup: $BACKUP_NAME"
rm $BACKUP_NAME
else
# The backup contains new data => move LAST pointer
echo "Moving LAST pointer to $BACKUP_NAME"
rm LAST
ln -s "$BACKUP_NAME" LAST
fi
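Review bot: A failed `sqldiff` writes nothing to stdout, so `DB_DIFF` becomes 0 and the script takes the "identical" branch and deletes the backup it has just made. Adding `set -euo pipefail` directly after the shebang makes a failure in `cd`, `sqlite3` or the `sqldiff | wc -c` pipeline stop the script before the `rm`. The unquoted expansions should be quoted, as in `[ "$DB_DIFF" -eq 0 ]` and `rm -- "$BACKUP_NAME"`. `rm LAST` followed by `ln -s` leaves a window with no `LAST` pointer, which `ln -sfn "$BACKUP_NAME" LAST` avoids. Nothing here prunes old clones, so at one backup every two hours the directory grows without bound unless a retention step is added.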