aboutsummaryrefslogtreecommitdiff
path: root/ansible/roles/sz-ds
diff options
context:
space:
mode:
Diffstat (limited to 'ansible/roles/sz-ds')
-rw-r--r--ansible/roles/sz-ds/files/etc/systemd/system/sz-ds.service14
-rw-r--r--ansible/roles/sz-ds/handlers/main.yml5
-rw-r--r--ansible/roles/sz-ds/tasks/flyway.yml30
-rw-r--r--ansible/roles/sz-ds/tasks/main.yml67
-rw-r--r--ansible/roles/sz-ds/tasks/sz-ds-app.yml41
-rw-r--r--ansible/roles/sz-ds/tasks/sz-ds-pg.yml28
-rw-r--r--ansible/roles/sz-ds/templates/etc/sz-ds/env.conf.j23
-rw-r--r--ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j24
8 files changed, 140 insertions, 52 deletions
diff --git a/ansible/roles/sz-ds/files/etc/systemd/system/sz-ds.service b/ansible/roles/sz-ds/files/etc/systemd/system/sz-ds.service
new file mode 100644
index 0000000..5e55de4
--- /dev/null
+++ b/ansible/roles/sz-ds/files/etc/systemd/system/sz-ds.service
@@ -0,0 +1,14 @@
+[Unit]
+After=network.target postgresql.service
+
+[Service]
+ExecStart=/opt/sz-ds/src/SweetzpotCentral/infrastructure/run-data-server
+WorkingDirectory=/opt/sz-ds
+KillMode=process
+Restart=on-failure
+User=sz-ds
+Group=sz-ds
+EnvironmentFile=/etc/sz-ds/env.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/sz-ds/handlers/main.yml b/ansible/roles/sz-ds/handlers/main.yml
new file mode 100644
index 0000000..846f076
--- /dev/null
+++ b/ansible/roles/sz-ds/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart sz-ds
+ service:
+ name: sz-ds
+ state: restarted
+
diff --git a/ansible/roles/sz-ds/tasks/flyway.yml b/ansible/roles/sz-ds/tasks/flyway.yml
new file mode 100644
index 0000000..c34ef44
--- /dev/null
+++ b/ansible/roles/sz-ds/tasks/flyway.yml
@@ -0,0 +1,30 @@
+- name: mkdir /opt/sz-ds/flyway
+ file:
+ state: directory
+ path: /opt/sz-ds/flyway
+- template:
+ src: opt/sz-ds/bin/flyway.j2
+ dest: /opt/sz-ds/bin/flyway
+ become: no
+# mode: a=rx
+- name: /etc/sz-ds/flyway.conf
+ tags: update-password
+ file:
+ dest: /etc/sz-ds/flyway.conf
+ content: |
+ flyway.url=jdbc:postgresql://localhost/sz-ds
+ flyway.user=sz-ds-flyway
+ flyway.password={{ sz_ds_secret.db_password_flyway }}
+
+ flyway.locations=filesystem:/opt/sz-ds/src/SweetzpotCentral/data-server/migrations
+ flyway.schemas=public
+
+- name: Download and extract Flyway {{ flyway_version }}
+ unarchive:
+ src: "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/{{ flyway_version }}/flyway-commandline-{{ flyway_version }}.zip"
+ dest: /opt/sz-ds/flyway
+ creates: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}"
+ remote_src: yes
+- file:
+ path: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}/flyway"
+ mode: a=rx
diff --git a/ansible/roles/sz-ds/tasks/main.yml b/ansible/roles/sz-ds/tasks/main.yml
index 9e55292..559937c 100644
--- a/ansible/roles/sz-ds/tasks/main.yml
+++ b/ansible/roles/sz-ds/tasks/main.yml
@@ -4,8 +4,10 @@
name: "{{ item }}"
install_recommends: no
with_items:
+ - git
- python-psycopg2
- python3-psycopg2
+ - virtualenv
- name: accounts for sz-ds
tags: user
@@ -17,12 +19,18 @@
createhome: no
home: /opt/sz-ds
system: yes
- - file:
+ - name: mkdir /etc/sz-ds
+ file:
+ state: directory
+ path: /etc/sz-ds
+ - name: mkdir /opt/sz-ds
+ file:
state: directory
path: /opt/sz-ds
owner: sz-ds
mode: u=rwx,go=
- - file:
+ - name: mkdir /opt/sz-ds/bin
+ file:
state: directory
path: /opt/sz-ds/bin
- copy:
@@ -31,57 +39,16 @@
- name: flyway for sz-ds
tags: flyway
- block:
- - name: mkdir /opt/sz-ds/flyway
- file:
- state: directory
- path: /opt/sz-ds/flyway
- - template:
- src: opt/sz-ds/bin/flyway.j2
- dest: /opt/sz-ds/bin/flyway
- mode: a=rx
- - name: Download and extract Flyway {{ flyway_version }}
- unarchive:
- src: "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/{{ flyway_version }}/flyway-commandline-{{ flyway_version }}.zip"
- dest: /opt/sz-ds/flyway
- creates: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}"
- remote_src: yes
- - file:
- path: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}/flyway"
- mode: a=rx
- # flyway.conf is created later
+ include: flyway.yml
+
- name: sz-ds database
tags: sz-ds-pg
become: yes
become_user: postgres
vars:
ansible_ssh_pipelining: true
- block:
- - name: sz-ds
- postgresql_user:
- name: sz-ds
- role_attr_flags: "NOLOGIN"
- - name: sz-ds-flyway
- tags: update-password
- postgresql_user:
- name: sz-ds-flyway
- password: "{{ sz_ds_secret.db_password_flyway }}"
- encrypted: yes
- - name: sz-ds-web
- tags: update-password
- postgresql_user:
- name: sz-ds-web
- password: "{{ sz_ds_secret.db_password_web }}"
- encrypted: yes
- - name: sz-ds db
- postgresql_db:
- name: "sz-ds"
- encoding: "utf-8"
- owner: "sz-ds"
- - postgresql_privs:
- database: sz-ds
- state: present
- privs: USAGE
- type: schema
- objs: public
- roles: sz-ds-web,sz-ds-flyway
+ include: sz-ds-pg.yml
+
+- name: sz-ds app
+ tags: sz-ds-app
+ include: sz-ds-app.yml
diff --git a/ansible/roles/sz-ds/tasks/sz-ds-app.yml b/ansible/roles/sz-ds/tasks/sz-ds-app.yml
new file mode 100644
index 0000000..78e300c
--- /dev/null
+++ b/ansible/roles/sz-ds/tasks/sz-ds-app.yml
@@ -0,0 +1,41 @@
+- name: /etc/sz-ds/env.conf
+ tags: update-password
+ template:
+ src: etc/sz-ds/env.conf.j2
+ dest: /etc/sz-ds/env.conf
+ mode: a=r
+ notify:
+ - restart sz-ds
+- name: /etc/systemd/system/sz-ds.service
+ copy:
+ src: etc/systemd/system/sz-ds.service
+ dest: /etc/systemd/system/sz-ds.service
+- name: git pull
+ tags: sz-ds-pull
+ notify:
+# - flyway migrate
+ - restart sz-ds
+ register: git_checkout
+ git:
+ repo: "https://{{ sz_ds_secrets.github.username }}:{{ sz_ds_secrets.github.password }}@github.com/SweetzpotAS/SweetzpotCentral"
+ dest: /opt/sz-ds/src/SweetzpotCentral
+ version: master
+
+- name: Update GIT_REVISION
+ tags: sz-ds-pull
+ lineinfile:
+ path: "/etc/sz-ds/env.conf"
+ regexp: "^GIT_REVISION="
+ line: "GIT_REVISION={{ git_checkout.after }}"
+
+- name: sz-ds pip
+ notify: restart sz-ds
+ tags: sz-ds-pull
+ pip:
+ virtualenv: /opt/sz-ds/env
+ virtualenv_python: python3
+ chdir: /opt/sz-ds/src/SweetzpotCentral/data-server
+ requirements: requirements.txt
+# editable: true
+ extra_args: --trusted-host github.com --process-dependency-links
+
diff --git a/ansible/roles/sz-ds/tasks/sz-ds-pg.yml b/ansible/roles/sz-ds/tasks/sz-ds-pg.yml
new file mode 100644
index 0000000..48c6500
--- /dev/null
+++ b/ansible/roles/sz-ds/tasks/sz-ds-pg.yml
@@ -0,0 +1,28 @@
+- name: sz-ds
+ postgresql_user:
+ name: sz-ds
+ role_attr_flags: "NOLOGIN"
+- name: sz-ds-flyway
+ tags: update-password
+ postgresql_user:
+ name: sz-ds-flyway
+ password: "{{ sz_ds_secret.db_password_flyway }}"
+ encrypted: yes
+- name: sz-ds-web
+ tags: update-password
+ postgresql_user:
+ name: sz-ds-web
+ password: "{{ sz_ds_secret.db_password_web }}"
+ encrypted: yes
+- name: sz-ds db
+ postgresql_db:
+ name: "sz-ds"
+ encoding: "utf-8"
+ owner: "sz-ds"
+- postgresql_privs:
+ database: sz-ds
+ state: present
+ privs: USAGE
+ type: schema
+ objs: public
+ roles: sz-ds-web,sz-ds-flyway
diff --git a/ansible/roles/sz-ds/templates/etc/sz-ds/env.conf.j2 b/ansible/roles/sz-ds/templates/etc/sz-ds/env.conf.j2
new file mode 100644
index 0000000..1e2cebb
--- /dev/null
+++ b/ansible/roles/sz-ds/templates/etc/sz-ds/env.conf.j2
@@ -0,0 +1,3 @@
+GIT_REVISION=
+SQLALCHEMY_DATABASE_URI="postgresql://sz-ds-web:{{ sz_ds_secret.db_password_web }}@localhost/sz-ds"
+SZ_CONFIG=/opt/sz-ds/src/SweetzpotCentral/data-server/config/config-{{ sz_ds_env }}.py
diff --git a/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2 b/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2
index 8113d96..2481feb 100644
--- a/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2
+++ b/ansible/roles/sz-ds/templates/opt/sz-ds/bin/flyway.j2
@@ -3,5 +3,5 @@
set -e
v="{{ flyway_version }}"
-flyway="/opt/p2k16/flyway/flyway-$v/flyway"
-exec "$flyway" -configFile=/etc/p2k16/flyway.conf "$@"
+flyway="/opt/sz-ds/flyway/flyway-$v/flyway"
+exec "$flyway" -configFile=/etc/sz-ds/flyway.conf "$@"