Initial commit

a07fe6cf · Torsten N. Fit · a07fe6cf · a07fe6cf · a07fe6cf · a07fe6cf
Commit a07fe6cf authored Jul 21, 2021 by Torsten N. Fit
--- a/.travis.yml
+++ b/.travis.yml
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
--- a/README.md
+++ b/README.md
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
--- a/defaults/main.yml
+++ b/defaults/main.yml
+---
+
+# defaults 
+otree_user: "ot"
+otree_prod_port: 8000
+otree_dev_port:  8100
+otree_fqdn: "otree.local"
+otree_repo: "https://gitlab.au.dk/otree/otree_example_apps.git"
+# https://gitlab+deploy-token-36:change-me@gitlab.au.dk/otree/test.git
+# https://docs.gitlab.com/ee/user/project/deploy_tokens/#git-clone-a-repository
+otree_admin_password='my_otree_admin_pw'
+
+...
--- a/files/public_keys/admin
+++ b/files/public_keys/admin
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC30KccO3dKcOJH70GYZWYzKtc6zcS+6cGzLPKLPNaFTwYhNk1CsnFt0WlsZYYj/VyV8zSNBiXHe2nN7WMjD85w1v2OLRjHE9tCYIjym8hX60Mmh5NoIJOs1ECTxDQIeachcL6F0PxsMXs659WBQMvZcyzBZCXUJRWBvkDitL6pVIf0CYhgfvgny8NfllkAqLxUwx+0uTO8HA2mWdI4n1tUvtu0S8xUjLyE1rYJOtlR8TcJSmVaaqbxu/KkPLVU1uQHKQMr2BVAoz4ePOghwKv855JhitAYRA4TmLyo3Ydkf7k8MX+deGnvhwWBk1Gs18XkDotKkbX1Vj6Hn8XyglSK3S2Nqt9u+9stloW/fN0l9OVY39WSRv6KRARFwQHUW93QrBOW7O7x5hRJGfoD2eWXZaUQ/Mr0/4rqIM56LaZp6bDNflB3kJsgR8vpkgSf0/PQGlDA2tM4hkfYIdP4zvKP+VP1UWJGMJikN/IaePu0iswE00zhEvU0uyxRQg2D9y8= admin
--- a/files/public_keys/nick
+++ b/files/public_keys/nick
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDT5lSbstxCJXEdrFex7vcIXa2gjy9NCTxpCklI    odXA1y7B/PPHb5bngSl0UCK2M6+FxZZoV/vOObeT63FQkWQWd+uXQbN2iBPtLR1irvK7plLctHiG    Inu36QhX6kTdUsQrDW3Rizg/P6gwcG0b8GCwSqNltoxXX587B+cV0y6Qb5jP6/dgWeVWxM0SjOhg    w2J70C3lY6QB3UvOQXVuW6pzIDd9rr41pAbXKcD4N8aNeohXNrlVrbw80nxZB9rYA6ERGGecbV5P    fwBVxDhoSsL+/jHItWaqUJzI2wqXoZgpGOljslxKG6+oQGG4nGpflcGt3pSWClmITfqhIYkMVt73     tp1339@nyu.edu
\ No newline at end of file
--- a/handlers/main.yml
+++ b/handlers/main.yml
+---
+# handlers file for au_otree_vm
+
+- name: systemctl daemon-reload
+  ansible.builtin.shell: "XDG_RUNTIME_DIR=/run/user/{{ otree_uid }} systemctl --user daemon-reload"
+  become_user: "{{ otree_user }}"
+
+- name: nginx restart
+  ansible.builtin.service:
+    name: nginx
+    state: restarted
+  become: True
+
+- name: oTree prod
+  ansible.builtin.systemd:
+    name: otree_prod.service
+    state: restarted
+    enabled: yes
+    scope: user
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ otree_uid }}"
+  become_user: "{{ otree_user }}"
+
+- name: oTree backup timer
+  ansible.builtin.systemd:
+    name: otree_backup.timer
+    state: restarted
+    enabled: yes
+    scope: user
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ otree_uid }}"
+  become_user: "{{ otree_user }}"
+...
--- a/meta/main.yml
+++ b/meta/main.yml
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
--- a/tasks/main.yml
+++ b/tasks/main.yml
+---
+# main tasks file for au_otree_vm
+
+- name: Install software packages for oTree on Ubuntu 20.04
+  ansible.builtin.apt:
+    state: latest
+    update_cache: yes
+    pkg:
+      - acl
+      - python3.8
+      - python3-pip
+      - python3.8-venv
+      - sqlite3
+      - sqlitebrowser
+      - git
+      - libpq-dev
+      - nginx
+      - gzip
+      - tree
+      - neovim
+  become: True
+
+- name: Include tasks for creating and setting up user account
+  ansible.builtin.include_tasks:
+    file: otree_user.yml
+    apply:
+      tags:
+        - user_create
+
+- name: Get value of oTree user's uid
+  ansible.builtin.command:
+    cmd: "/usr/bin/id -u {{ otree_user }}"
+  register: otree_uid_cmd
+  changed_when: False
+
+- name: Save value of oTree user's uid
+  ansible.builtin.set_fact: 
+    otree_uid="{{ otree_uid_cmd.stdout }}"
+
+- name: print oTree UID
+  debug:
+    var: otree_uid
+    verbosity: 1
+
+- name: Include tasks for setting up network interface
+  ansible.builtin.include_tasks:
+    file: 'otree_setup.yml'
+    apply:
+      become_user: "{{ otree_user }}"
+      tags:
+        - user_config
+
+- name: Include tasks for setting up automatic sqlite backups
+  ansible.builtin.include_tasks:
+    file: 'sqlite_backup.yml'
+    apply:
+      become_user: "{{ otree_user }}"
+      tags:
+        - sqlite_backup
+
+- name: Include tasks for setting up Nginx as oTree proxy
+  ansible.builtin.include_tasks:
+    file: 'nginx_otree_proxy.yml'
+    apply:
+      become: True
+      tags:
+        - nginx
+
+...
--- a/tasks/nginx_otree_proxy.yml
+++ b/tasks/nginx_otree_proxy.yml
+--- # Nginx oTree proxysql_backend_servers
+
+- name: Install Nginx
+  ansible.builtin.apt:
+    name: nginx
+    state: latest
+    cache_valid_time: 300
+  become: True
+  notify:
+    - 'nginx restart'
+  tags:
+    - nginx
+
+- name: Enable Nginx server
+  ansible.builtin.service:
+    name: nginx
+    enabled: True
+  become: True
+  tags:
+    - nginx
+
+- name: make oTree site available
+  ansible.builtin.template:
+    src: otree_nginx_site.j2
+    dest: '/etc/nginx/sites-available/otree'
+  become: True
+  notify:
+    - 'nginx restart'
+  tags:
+    - nginx
+
+- name: make oTree site enabled
+  ansible.builtin.file:
+    path: '/etc/nginx/sites-enabled/otree'
+    src: '/etc/nginx/sites-available/otree'
+    state: 'link'
+  become: True
+  notify:
+    - 'nginx restart'
+  tags:
+    - nginx
+
+- name: Disable default Nginx site
+  ansible.builtin.file:
+    path: '/etc/nginx/sites-enabled/default'
+    state: 'absent'
+  become: True
+  notify:
+    - 'nginx restart'
+  tags:
+    - nginx
+...
--- a/tasks/otree_setup.yml
+++ b/tasks/otree_setup.yml
+--- # Setup oTree for (and as) otree_user
+
+- name: Set the base-dir for all oTree realated stuff
+  ansible.builtin.set_fact:
+    base_dir: "/home/{{ otree_user }}/otree_root"
+
+- name: Setup folder-structure for Otree
+  ansible.builtin.file:
+    path: '{{ item }}'
+    state: 'directory'
+    recurse: True
+    owner: "{{ otree_user }}"
+  loop:
+    - "{{ base_dir }}/otree_proj"
+    - "{{ base_dir }}/otree_conf"
+    - "{{ base_dir }}/otree_db_backups"
+    - "/home/{{ otree_user }}/.config/systemd/user/"
+  become_user: "{{ otree_user }}"
+  
+- name: Setup Systemd services
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  loop:
+    - { src: "otree_prod_service.j2", dest: "/home/{{ otree_user }}/.config/systemd/user/otree_prod.service" }
+    - { src: "otree_dev_service.j2", dest: "/home/{{ otree_user }}/.config/systemd/user/otree_dev.service" }
+    - { src: "env_dev.j2", dest: "{{ base_dir }}/otree_conf/env_dev" }
+    - { src: "env_prod.j2", dest: "{{ base_dir }}/otree_conf/env_prod" }
+  become_user: "{{ otree_user }}"
+  notify:
+    - "systemctl daemon-reload"
+    - "oTree prod"
+
+- name: Git clone the oTree app filesystem
+  ansible.builtin.git:
+    dest: "{{ base_dir }}/otree_proj"
+    version: 'master'
+    repo: "{{ otree_repo }}"
+  become_user: "{{ otree_user }}"
+  notify:
+    - "oTree prod"
+  failed_when: False
+
+- name: Setup Python3.8 virtualenv for oTree
+  ansible.builtin.pip:
+    virtualenv: "{{ base_dir }}/venv_otree"
+    virtualenv_command: "/usr/bin/python3.8 -m venv venv_otree"
+    requirements: "{{ base_dir }}/otree_proj/requirements.txt"
+  become_user: "{{ otree_user }}"
+  notify:
+    - "oTree prod"
+
+- name: Get value of oTree user's uid
+  ansible.builtin.command:
+    cmd: "/usr/bin/id -u {{ otree_user }}"
+  register: otree_uid_cmd
+  changed_when: False
+
+- name: Save value of oTree user's uid
+  ansible.builtin.set_fact: 
+    otree_uid="{{ otree_uid_cmd.stdout }}"
+
+- name: print oTree UID
+  debug:
+    var: otree_uid
+    verbosity: 0
+
+- name: oTree prod
+  ansible.builtin.systemd:
+    name: otree_prod.service
+    state: started
+    enabled: yes
+    scope: user
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ otree_uid }}"
+  become_user: "{{ otree_user }}"
+
+...
--- a/tasks/otree_user.yml
+++ b/tasks/otree_user.yml
+--- # otree_user.yml - tasks for creating otree user
+
+- name: Create user account
+  ansible.builtin.user:
+    name: "{{ otree_user }}"
+    shell: '/bin/bash'
+    password: "$6$acorn$uP9NVafE10jx7A43jebMz9rlttWbLm4Otmy/MqPCBBQ9g4unFjRtkzy1pJ61Gy.HCAXZXhxezrPpnnt68v6VR."
+    update_password: 'on_create'
+
+- name: Add ssh-key to authorized_keys
+  ansible.posix.authorized_key:
+    user: "{{ otree_user }}"
+    state: present
+    key: '{{ item }}'
+  with_file:
+    - public_keys/admin
+
+- name: Test if Linger is enabled for user
+  ansible.builtin.command:
+    cmd: loginctl show-user -p Linger {{ otree_user }}
+  register: linger_status
+  changed_when: False
+  failed_when: False
+
+- name: Output from Linger status
+  ansible.builtin.debug:
+    var: linger_status
+    verbosity: 1
+
+- name: Enable user to have systemd (user) service start on bootup
+  ansible.builtin.command: loginctl enable-linger {{ otree_user }}
+  when: linger_status.stdout != "Linger=yes"
+
+...
--- a/tasks/sqlite_backup.yml
+++ b/tasks/sqlite_backup.yml
+--- # Setup SQLite backup for oTree
+
+- name: Setup folder-structure for SQLite backups
+  ansible.builtin.file:
+    path: '{{ item }}'
+    state: 'directory'
+    recurse: True
+    owner: "{{ otree_user }}"
+  loop:
+    - "{{ base_dir }}/otree_scripts"
+    - "{{ base_dir }}/otree_db_backups"
+    - "/home/{{ otree_user }}/.config/systemd/user/"
+  become_user: "{{ otree_user }}"
+
+- name: Look for a LAST backup file
+  ansible.builtin.stat:
+    path: "{{ base_dir }}/otree_db_backups/LAST"
+  register: last_backup
+
+- name: Create an empty file as LAST backup of SQLite
+  ansible.builtin.file:
+    path: "{{ base_dir }}/otree_db_backups/LAST"
+    state: touch
+  when: last_backup.stat.exists == False
+  become_user: "{{ otree_user }}"
+
+- name: Setup Systemd services for scheduled backups
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: "{{ item.mode }}"
+  loop:
+    - { src: "otree_backup_service.j2", dest: "/home/{{ otree_user }}/.config/systemd/user/otree_backup.service", mode: '0664' }
+    - { src: "otree_backup_timer.j2", dest: "/home/{{ otree_user }}/.config/systemd/user/otree_backup.timer", mode: '0664' }
+    - { src: "sqlite_backup.sh.j2", dest: "{{ base_dir }}/otree_scripts/sqlite_backup.sh", mode: '0774' }
+  become_user: "{{ otree_user }}"
+  notify:
+    - "systemctl daemon-reload"
+    - "oTree backup timer"
+  
+- name: Get value of XDG_RUNTIME_DIR - NB Get's the wrong user NOT oTree user => problem for handler (systemd)
+  ansible.builtin.set_fact: 
+    xdg_runtime_dir="{{ lookup('env','XDG_RUNTIME_DIR') }}"
+  become_user: "{{ otree_user }}"
+
+- name: Debug systemd env
+  ansible.builtin.debug:
+    var: xdg_runtime_dir
+    verbosity: 2
+
+- name: Get value of oTree user's uid
+  ansible.builtin.command:
+    cmd: "/usr/bin/id -u {{ otree_user }}"
+  register: otree_uid_cmd
+  changed_when: False
+
+- name: Save value of oTree user's uid
+  ansible.builtin.set_fact: 
+    otree_uid="{{ otree_uid_cmd.stdout }}"
+
+- name: print oTree UID
+  debug:
+    var: otree_uid
+    verbosity: 1
+
+- name: enable and start oTree backup timer
+  ansible.builtin.systemd:
+    name: 'otree_backup.timer'
+    state: 'started'
+    enabled: yes
+    scope: 'user'
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ otree_uid }}"
+  become_user: "{{ otree_user }}"
+
+...
\ No newline at end of file
--- a/templates/env_dev.j2
+++ b/templates/env_dev.j2
+PATH=/home/{{ otree_user }}/.local/bin:{{ base_dir }}/venv_otree/bin:$PATH
--- a/templates/env_prod.j2
+++ b/templates/env_prod.j2
+VIRTUAL_ENV="/home/{{ otree_user }}/otree_root/venv_otree"
+#_OLD_VIRTUAL_PATH="$PATH"
+#LOCAL_PATH="/home/{{ otree_user }}/.local/bin"
+#PATH="$VIRTUAL_ENV:$LOCAL_PATH:$PATH"
+PATH=/home/{{ otree_user }}/.local/bin:{{ base_dir }}/venv_otree/bin:$PATH
+OTREE_ADMIN_PASSWORD='dirt_poor_prod'
+OTREE_PRODUCTION=1
+OTREE_AUTH_LEVEL=DEMO
--- a/templates/otree_backup_service.j2
+++ b/templates/otree_backup_service.j2
+[Unit]
+Description=SQLite db backup for oTree
+
+[Service]
+ExecStart=/home/{{ otree_user }}/otree_root/otree_scripts/sqlite_backup.sh
+
+[Install]
+WantedBy=default.target
--- a/templates/otree_backup_timer.j2
+++ b/templates/otree_backup_timer.j2
+[Unit]
+Description=Run SQLite backup script for oTree every 2 hours
+
+[Timer]
+OnActiveSec=15min
+OnUnitActiveSec=2h
+
+[Install]
+WantedBy=timers.target
--- a/templates/otree_dev_service.j2
+++ b/templates/otree_dev_service.j2
+[Unit]
+Description=Otree dev service
+
+[Service]
+Type=simple
+ExecStart={{ base_dir }}/venv_otree/bin/otree devserver {{ otree_dev_port }}
+WorkingDirectory={{ base_dir }}/otree_proj/
+EnvironmentFile={{ base_dir }}/otree_conf/env_dev
--- a/templates/otree_nginx_site.j2
+++ b/templates/otree_nginx_site.j2
+server {
+    listen 80;
+    server_name {{ ansible_fqdn }};
+
+    location / {
+        proxy_pass http://localhost:{{ otree_prod_port }};
+    }
+}
+
--- a/templates/otree_prod_service.j2
+++ b/templates/otree_prod_service.j2
+[Unit]
+Description=Otree prod service
+
+[Service]
+Type=simple
+ExecStart={{ base_dir }}/venv_otree/bin/otree prodserver {{ otree_prod_port }}
+WorkingDirectory={{ base_dir }}/otree_proj/
+EnvironmentFile={{ base_dir }}/otree_conf/env_prod
+
+[Install]
+WantedBy=default.target
--- a/templates/sqlite_backup.sh.j2
+++ b/templates/sqlite_backup.sh.j2
+#!/bin/bash
+
+DB_PATH="/home/{{ otree_user }}/otree_root/otree_proj"
+BACKUP_PATH="/home/{{ otree_user }}/otree_root/otree_db_backups"
+BACKUP_NAME="db_clone_$(date +"%FT%H%M")"
+
+cd "$BACKUP_PATH"
+/usr/bin/sqlite3 "${DB_PATH}/db.sqlite3" < <(echo -e .clone "${BACKUP_NAME}") > /dev/null
+DB_DIFF=$(/usr/bin/sqldiff LAST "$BACKUP_NAME" | wc -c)
+echo "db_diff: $DB_DIFF"
+
+if [ $DB_DIFF -eq 0 ]; then 
+  # The backup is identical to LAST backup
+  echo "Remove the new (dublicate) backup: $BACKUP_NAME"
+  rm $BACKUP_NAME
+else
+  # The backup contains new data => move LAST pointer
+  echo "Moving LAST pointer to $BACKUP_NAME"
+  rm LAST
+  ln -s "$BACKUP_NAME" LAST
+fi
+