diff options
Diffstat (limited to 'ansible/roles/sz-ds')
-rw-r--r-- | ansible/roles/sz-ds/files/etc/systemd/system/sz-ds.service | 14 | ||||
-rw-r--r-- | ansible/roles/sz-ds/handlers/main.yml | 5 | ||||
-rw-r--r-- | ansible/roles/sz-ds/tasks/flyway.yml | 30 | ||||
-rw-r--r-- | ansible/roles/sz-ds/tasks/main.yml | 67 | ||||
-rw-r--r-- | ansible/roles/sz-ds/tasks/sz-ds-app.yml | 41 | ||||
-rw-r--r-- | ansible/roles/sz-ds/tasks/sz-ds-pg.yml | 28 | ||||
-rw-r--r-- | ansible/roles/sz-ds/templates/etc/sz-ds/env.conf.j2 | 3 | ||||
-rw-r--r-- | ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2 | 4 |
8 files changed, 140 insertions, 52 deletions
diff --git a/ansible/roles/sz-ds/files/etc/systemd/system/sz-ds.service b/ansible/roles/sz-ds/files/etc/systemd/system/sz-ds.service new file mode 100644 index 0000000..5e55de4 --- /dev/null +++ b/ansible/roles/sz-ds/files/etc/systemd/system/sz-ds.service @@ -0,0 +1,14 @@ +[Unit] +After=network.target postgresql.service + +[Service] +ExecStart=/opt/sz-ds/src/SweetzpotCentral/infrastructure/run-data-server +WorkingDirectory=/opt/sz-ds +KillMode=process +Restart=on-failure +User=sz-ds +Group=sz-ds +EnvironmentFile=/etc/sz-ds/env.conf + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/sz-ds/handlers/main.yml b/ansible/roles/sz-ds/handlers/main.yml new file mode 100644 index 0000000..846f076 --- /dev/null +++ b/ansible/roles/sz-ds/handlers/main.yml @@ -0,0 +1,5 @@ +- name: restart sz-ds + service: + name: sz-ds + state: restarted + diff --git a/ansible/roles/sz-ds/tasks/flyway.yml b/ansible/roles/sz-ds/tasks/flyway.yml new file mode 100644 index 0000000..c34ef44 --- /dev/null +++ b/ansible/roles/sz-ds/tasks/flyway.yml @@ -0,0 +1,30 @@ +- name: mkdir /opt/sz-ds/flyway + file: + state: directory + path: /opt/sz-ds/flyway +- template: + src: opt/sz-ds/bin/flyway.j2 + dest: /opt/sz-ds/bin/flyway + become: no +# mode: a=rx +- name: /etc/sz-ds/flyway.conf + tags: update-password + file: + dest: /etc/sz-ds/flyway.conf + content: | + flyway.url=jdbc:postgresql://localhost/sz-ds + flyway.user=sz-ds-flyway + flyway.password={{ sz_ds_secret.db_password_flyway }} + + flyway.locations=filesystem:/opt/sz-ds/src/SweetzpotCentral/data-server/migrations + flyway.schemas=public + +- name: Download and extract Flyway {{ flyway_version }} + unarchive: + src: "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/{{ flyway_version }}/flyway-commandline-{{ flyway_version }}.zip" + dest: /opt/sz-ds/flyway + creates: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}" + remote_src: yes +- file: + path: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}/flyway" + mode: a=rx diff --git a/ansible/roles/sz-ds/tasks/main.yml b/ansible/roles/sz-ds/tasks/main.yml index 9e55292..559937c 100644 --- a/ansible/roles/sz-ds/tasks/main.yml +++ b/ansible/roles/sz-ds/tasks/main.yml @@ -4,8 +4,10 @@ name: "{{ item }}" install_recommends: no with_items: + - git - python-psycopg2 - python3-psycopg2 + - virtualenv - name: accounts for sz-ds tags: user @@ -17,12 +19,18 @@ createhome: no home: /opt/sz-ds system: yes - - file: + - name: mkdir /etc/sz-ds + file: + state: directory + path: /etc/sz-ds + - name: mkdir /opt/sz-ds + file: state: directory path: /opt/sz-ds owner: sz-ds mode: u=rwx,go= - - file: + - name: mkdir /opt/sz-ds/bin + file: state: directory path: /opt/sz-ds/bin - copy: @@ -31,57 +39,16 @@ - name: flyway for sz-ds tags: flyway - block: - - name: mkdir /opt/sz-ds/flyway - file: - state: directory - path: /opt/sz-ds/flyway - - template: - src: opt/sz-ds/bin/flyway.j2 - dest: /opt/sz-ds/bin/flyway - mode: a=rx - - name: Download and extract Flyway {{ flyway_version }} - unarchive: - src: "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/{{ flyway_version }}/flyway-commandline-{{ flyway_version }}.zip" - dest: /opt/sz-ds/flyway - creates: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}" - remote_src: yes - - file: - path: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}/flyway" - mode: a=rx - # flyway.conf is created later + include: flyway.yml + - name: sz-ds database tags: sz-ds-pg become: yes become_user: postgres vars: ansible_ssh_pipelining: true - block: - - name: sz-ds - postgresql_user: - name: sz-ds - role_attr_flags: "NOLOGIN" - - name: sz-ds-flyway - tags: update-password - postgresql_user: - name: sz-ds-flyway - password: "{{ sz_ds_secret.db_password_flyway }}" - encrypted: yes - - name: sz-ds-web - tags: update-password - postgresql_user: - name: sz-ds-web - password: "{{ sz_ds_secret.db_password_web }}" - encrypted: yes - - name: sz-ds db - postgresql_db: - name: "sz-ds" - encoding: "utf-8" - owner: "sz-ds" - - postgresql_privs: - database: sz-ds - state: present - privs: USAGE - type: schema - objs: public - roles: sz-ds-web,sz-ds-flyway + include: sz-ds-pg.yml + +- name: sz-ds app + tags: sz-ds-app + include: sz-ds-app.yml diff --git a/ansible/roles/sz-ds/tasks/sz-ds-app.yml b/ansible/roles/sz-ds/tasks/sz-ds-app.yml new file mode 100644 index 0000000..78e300c --- /dev/null +++ b/ansible/roles/sz-ds/tasks/sz-ds-app.yml @@ -0,0 +1,41 @@ +- name: /etc/sz-ds/env.conf + tags: update-password + template: + src: etc/sz-ds/env.conf.j2 + dest: /etc/sz-ds/env.conf + mode: a=r + notify: + - restart sz-ds +- name: /etc/systemd/system/sz-ds.service + copy: + src: etc/systemd/system/sz-ds.service + dest: /etc/systemd/system/sz-ds.service +- name: git pull + tags: sz-ds-pull + notify: +# - flyway migrate + - restart sz-ds + register: git_checkout + git: + repo: "https://{{ sz_ds_secrets.github.username }}:{{ sz_ds_secrets.github.password }}@github.com/SweetzpotAS/SweetzpotCentral" + dest: /opt/sz-ds/src/SweetzpotCentral + version: master + +- name: Update GIT_REVISION + tags: sz-ds-pull + lineinfile: + path: "/etc/sz-ds/env.conf" + regexp: "^GIT_REVISION=" + line: "GIT_REVISION={{ git_checkout.after }}" + +- name: sz-ds pip + notify: restart sz-ds + tags: sz-ds-pull + pip: + virtualenv: /opt/sz-ds/env + virtualenv_python: python3 + chdir: /opt/sz-ds/src/SweetzpotCentral/data-server + requirements: requirements.txt +# editable: true + extra_args: --trusted-host github.com --process-dependency-links + diff --git a/ansible/roles/sz-ds/tasks/sz-ds-pg.yml b/ansible/roles/sz-ds/tasks/sz-ds-pg.yml new file mode 100644 index 0000000..48c6500 --- /dev/null +++ b/ansible/roles/sz-ds/tasks/sz-ds-pg.yml @@ -0,0 +1,28 @@ +- name: sz-ds + postgresql_user: + name: sz-ds + role_attr_flags: "NOLOGIN" +- name: sz-ds-flyway + tags: update-password + postgresql_user: + name: sz-ds-flyway + password: "{{ sz_ds_secret.db_password_flyway }}" + encrypted: yes +- name: sz-ds-web + tags: update-password + postgresql_user: + name: sz-ds-web + password: "{{ sz_ds_secret.db_password_web }}" + encrypted: yes +- name: sz-ds db + postgresql_db: + name: "sz-ds" + encoding: "utf-8" + owner: "sz-ds" +- postgresql_privs: + database: sz-ds + state: present + privs: USAGE + type: schema + objs: public + roles: sz-ds-web,sz-ds-flyway diff --git a/ansible/roles/sz-ds/templates/etc/sz-ds/env.conf.j2 b/ansible/roles/sz-ds/templates/etc/sz-ds/env.conf.j2 new file mode 100644 index 0000000..1e2cebb --- /dev/null +++ b/ansible/roles/sz-ds/templates/etc/sz-ds/env.conf.j2 @@ -0,0 +1,3 @@ +GIT_REVISION= +SQLALCHEMY_DATABASE_URI="postgresql://sz-ds-web:{{ sz_ds_secret.db_password_web }}@localhost/sz-ds" +SZ_CONFIG=/opt/sz-ds/src/SweetzpotCentral/data-server/config/config-{{ sz_ds_env }}.py diff --git a/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2 b/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2 index 8113d96..2481feb 100644 --- a/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2 +++ b/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2 @@ -3,5 +3,5 @@ set -e v="{{ flyway_version }}" -flyway="/opt/p2k16/flyway/flyway-$v/flyway" -exec "$flyway" -configFile=/etc/p2k16/flyway.conf "$@" +flyway="/opt/sz-ds/flyway/flyway-$v/flyway" +exec "$flyway" -configFile=/etc/sz-ds/flyway.conf "$@" |