Add isimip_data and isimip_files_api roles

ISI-MIP · Apr 17, 2020 · 2c25c9c · 2c25c9c
1 parent c8d325b
commit 2c25c9c
Show file tree

Hide file tree

Showing 21 changed files with 263 additions and 73 deletions.
diff --git a/main.yml b/main.yml
@@ -2,8 +2,7 @@
 
 - name: all hosts
   hosts: all
-  become: yes
-  become_user: root
+  user: root
   roles:
   - role: config
     tags: ['config']
@@ -13,3 +12,7 @@
     tags: ['packages']
   - role: nginx
     tags: ['nginx']
+  - role: isimip_data
+    tags: ['isimip_data']
+  - role: isimip_files_api
+    tags: ['isimip_data']
diff --git a/play b/play
@@ -1,2 +1,2 @@
 #!/bin/bash
-ansible-playbook -i hosts $@ main.yml
+ansible-playbook -i hosts $@ main.yml -e "ansible_python_interpreter=/usr/bin/python3"
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1 @@
+ansible~=2.9.7
diff --git a/roles/config/tasks/main.yml b/roles/config/tasks/main.yml
@@ -1,36 +1,33 @@
 ---
 
-- name: red prompt for root
-  lineinfile:
-    dest: /root/.bashrc
-    line: "export PS1='[\\[\\e[0;31m\\]\\u@\\h\\[\\e[0m\\] \\W]\\$ '"
+- name: /root/.bash_aliases
+  copy:
+    src: bash_aliases
+    dest: /root/.bash_aliases
+
+- name: /etc/skel/.bash_aliases
+  copy:
+    src: bash_aliases
+    dest: /etc/skel/.bash_aliases
 
 - name: include .bash_aliases in /root/.bashrc
   lineinfile:
     dest: /root/.bashrc
     line: "source /root/.bash_aliases"
+    create: yes
 
-- name: /root/.bash_aliases
-  copy:
-    src: bash_aliases
-    dest: /root/.bash_aliases
+- name: include .bash_aliases in /etc/skel/.bashrc
+  lineinfile:
+    dest: /etc/skel/.bashrc
+    line: "source ~/.bash_aliases"
+    create: yes
 
 - name: /root/.emacs
   copy:
     src: emacs
     dest: /root/.emacs
 
-- name: include .bash_aliases in /home/ubuntu/.bashrc
-  lineinfile:
-    dest: /home/ubuntu/.bashrc
-    line: "source /home/ubuntu/.bash_aliases"
-
-- name: /home/ubuntu/.bash_aliases
-  copy:
-    src: bash_aliases
-    dest: /home/ubuntu/.bash_aliases
-
-- name: /home/ubuntu/.emacs
+- name: /etc/skel/.emacs
   copy:
     src: emacs
-    dest: /home/ubuntu/.emacs
+    dest: /etc/skel/.emacs
diff --git a/roles/isimip_data/files/dev.conf b/roles/isimip_data/files/dev.conf
@@ -0,0 +1,3 @@
+d /var/log/django/dev        750 isimip isimip
+d /var/log/gunicorn/dev      750 isimip isimip
+d /run/gunicorn/dev          750 isimip isimip
diff --git a/roles/isimip_data/files/dev.service b/roles/isimip_data/files/dev.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=dev.isimip.org gunicorn daemon
+After=network.target
+
+[Service]
+User=isimip
+Group=isimip
+
+WorkingDirectory=/home/isimip/isimip-data/dev
+EnvironmentFile=/home/isimip/isimip-data/dev/.env
+GUNICORN_BIN=/home/isimip/isimip-data/dev/env/bin/gunicorn
+GUNICORN_WORKER=3
+GUNICORN_PORT=9001
+GUNICORN_PID_FILE=/run/gunicorn/dev/pid
+GUNICORN_ACCESS_LOG_FILE=/var/log/gunicorn/dev/access.log
+GUNICORN_ERROR_LOG_FILE=/var/log/gunicorn/dev/error.log
+
+ExecStart=/bin/sh -c '${GUNICORN_BIN} \
+  --workers ${GUNICORN_WORKER} \
+  --pid ${GUNICORN_PID_FILE} \
+  --bind localhost:${GUNICORN_PORT} \
+  --access-logfile ${GUNICORN_ACCESS_LOG_FILE} \
+  --error-logfile ${GUNICORN_ERROR_LOG_FILE} \
+  config.wsgi:application'
+
+ExecReload=/bin/sh -c '/usr/bin/pkill -HUP -F ${GUNICORN_PID_FILE}'
+
+ExecStop=/bin/sh -c '/usr/bin/pkill -TERM -F ${GUNICORN_PID_FILE}'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/isimip_data/files/prod.conf b/roles/isimip_data/files/prod.conf
@@ -0,0 +1,3 @@
+d /var/log/django/prod       750 isimip isimip
+d /var/log/gunicorn/prod     750 isimip isimip
+d /run/gunicorn/prod         750 isimip isimip
diff --git a/roles/isimip_data/files/prod.service b/roles/isimip_data/files/prod.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=data.isimip.org gunicorn daemon
+After=network.target
+
+[Service]
+User=isimip
+Group=isimip
+
+WorkingDirectory=/home/isimip/isimip-data/data
+EnvironmentFile=/home/isimip/isimip-data/data/.env
+GUNICORN_BIN=/home/isimip/isimip-data/data/env/bin/gunicorn
+GUNICORN_WORKER=3
+GUNICORN_PORT=9001
+GUNICORN_PID_FILE=/run/gunicorn/data/pid
+GUNICORN_ACCESS_LOG_FILE=/var/log/gunicorn/data/access.log
+GUNICORN_ERROR_LOG_FILE=/var/log/gunicorn/data/error.log
+
+ExecStart=/bin/sh -c '${GUNICORN_BIN} \
+  --workers ${GUNICORN_WORKER} \
+  --pid ${GUNICORN_PID_FILE} \
+  --bind localhost:${GUNICORN_PORT} \
+  --access-logfile ${GUNICORN_ACCESS_LOG_FILE} \
+  --error-logfile ${GUNICORN_ERROR_LOG_FILE} \
+  config.wsgi:application'
+
+ExecReload=/bin/sh -c '/usr/bin/pkill -HUP -F ${GUNICORN_PID_FILE}'
+
+ExecStop=/bin/sh -c '/usr/bin/pkill -TERM -F ${GUNICORN_PID_FILE}'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/isimip_data/tasks/main.yml b/roles/isimip_data/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: tmpfiles.d conf is present on data.isimip.org
+  copy:
+    src: "{{ item }}"
+    dest: "/etc/systemd/system/{{ item }}"
+  when: ansible_host == "data.isimip.org"
+  with_items:
+  - prod.service
+  - dev.service
+
+- name: systemd services are present on data.isimip.org
+  copy:
+    src: "{{ item }}"
+    dest: "/etc/tmpfiles.d/{{ item }}"
+  when: ansible_host == "data.isimip.org"
+  with_items:
+  - prod.conf
+  - dev.conf
+
diff --git a/roles/isimip_files_api/files/api-app.service b/roles/isimip_files_api/files/api-app.service
@@ -0,0 +1,34 @@
+[Unit]
+Description=isimip-files-api gunicorn daemon
+PartOf=api.service
+After=api.service
+
+[Service]
+User=isimip
+Group=isimip
+
+WorkingDirectory=/home/isimip/api
+EnvironmentFile=/home/isimip/api/.env
+Environment=GUNICORN_BIN=/home/isimip/api/env/bin/gunicorn
+Environment=GUNICORN_WORKER=3
+Environment=GUNICORN_PORT=9002
+Environment=GUNICORN_TIMEOUT=120
+Environment=GUNICORN_PID_FILE=/run/gunicorn/api/pid
+Environment=GUNICORN_ACCESS_LOG_FILE=/var/log/gunicorn/api/access.log
+Environment=GUNICORN_ERROR_LOG_FILE=/var/log/gunicorn/api/error.log
+
+ExecStart=/bin/sh -c '${GUNICORN_BIN} \
+  --workers ${GUNICORN_WORKER} \
+  --pid ${GUNICORN_PID_FILE} \
+  --bind localhost:${GUNICORN_PORT} \
+  --timeout ${GUNICORN_TIMEOUT} \
+  --access-logfile ${GUNICORN_ACCESS_LOG_FILE} \
+  --error-logfile ${GUNICORN_ERROR_LOG_FILE} \
+  "isimip_files_api.app:create_app()"'
+
+ExecReload=/bin/sh -c '/usr/bin/pkill -HUP -F ${GUNICORN_PID_FILE}'
+
+ExecStop=/bin/sh -c '/usr/bin/pkill -TERM -F ${GUNICORN_PID_FILE}'
+
+[Install]
+WantedBy=api.target
diff --git a/roles/isimip_files_api/files/api-worker.service b/roles/isimip_files_api/files/api-worker.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=RQ worker for isimip-files-api
+PartOf=api.service
+After=api.service
+
+[Service]
+Type=simple
+User=isimip
+Group=isimip
+
+WorkingDirectory=/home/isimip/api
+Environment=LANG=en_US.UTF-8
+Environment=LC_ALL=en_US.UTF-8
+Environment=LC_LANG=en_US.UTF-8
+ExecStart=/home/isimip/api/env/bin/rq worker
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s TERM $MAINPID
+PrivateTmp=true
+Restart=always
+
+[Install]
+WantedBy=api.target
diff --git a/roles/isimip_files_api/files/api.conf b/roles/isimip_files_api/files/api.conf
@@ -0,0 +1,2 @@
+d /var/log/gunicorn/api     750 isimip isimip
+d /run/gunicorn/api         750 isimip isimip
diff --git a/roles/isimip_files_api/files/api.service b/roles/isimip_files_api/files/api.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=pseudo-service to start/stop all isimip-files-api services
+
+[Service]
+Type=oneshot
+ExecStart=/bin/true
+RemainAfterExit=yes
+
+[Install]
+WantedBy=network.target
diff --git a/roles/isimip_files_api/tasks/main.yml b/roles/isimip_files_api/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: tmpfiles.d conf is present
+  copy:
+    src: "{{ item }}"
+    dest: "/etc/systemd/system/{{ item }}"
+  when: ansible_host == "files.isimip.org"
+  with_items:
+  - api.service
+  - api-app.service
+  - api-worker.service
+
+- name: systemd services are present
+  copy:
+    src: "api.conf"
+    dest: "/etc/tmpfiles.d/api.conf"
+  when: ansible_host == "files.isimip.org"
diff --git a/roles/nginx/files/data.isimip.org.conf b/roles/nginx/files/data.isimip.org.conf
@@ -1,17 +1,22 @@
 server {
+    server_name data.isimip.org;
+
     listen 80 default_server;
     listen [::]:80 default_server;
 
-    # listen 443 ssl default_server;
-    # listen [::]:443 ssl default_server;
-
-    root /var/www/html;
+    access_log /var/log/nginx/data.isimip.org.access.log;
+    error_log /var/log/nginx/data.isimip.org.error.log;
 
+    root /srv/www/htdocs;
     index index.html;
 
-    server_name data.isimip.org;
-
     location / {
-        try_files $uri $uri/ =404;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $http_host;
+        proxy_pass http://localhost:9000/;
+    }
+    location /static/ {
+        alias /home/isimip-data/prod/static_root/;
     }
 }
diff --git a/roles/nginx/files/dev.isimip.org.conf b/roles/nginx/files/dev.isimip.org.conf
@@ -0,0 +1,22 @@
+server {
+    server_name dev.isimip.org;
+
+    listen 80;
+    listen [::]:80;
+
+    access_log /var/log/nginx/dev.isimip.org.access.log;
+    error_log /var/log/nginx/dev.isimip.org.error.log;
+
+    root /srv/www/htdocs;
+    index index.html;
+
+    location / {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $http_host;
+        proxy_pass http://localhost:9001/;
+    }
+    location /static/ {
+        alias /home/isimip-data/dev/static_root/;
+    }
+}
diff --git a/roles/nginx/files/files.isimip.org.conf b/roles/nginx/files/files.isimip.org.conf
@@ -1,17 +1,18 @@
 server {
+    server_name files.isimip.org;
+
     listen 80 default_server;
     listen [::]:80 default_server;
 
-    # listen 443 ssl default_server;
-    # listen [::]:443 ssl default_server;
-
-    root /var/www/html;
+    access_log /var/log/nginx/files.isimip.org.access.log;
+    error_log /var/log/nginx/files.isimip.org.error.log;
 
+    root /data/public/;
     index index.html;
 
-    server_name files.isimip.org;
-
     location / {
         try_files $uri $uri/ =404;
+        autoindex on;
+        add_header 'Access-Control-Allow-Origin' '*';
     }
 }
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
@@ -1,16 +1,40 @@
 ---
 
 - name: nginx is installed
-  apt: name=nginx  state=present
+  zypper:
+    name: nginx
+    state: present
 
 - name: nginx config is present
   copy:
     src: "{{ ansible_host }}.conf"
-    dest: /etc/nginx/sites-available/default
+    dest: /etc/nginx/vhosts.d/{{ ansible_host }}.conf
   notify:
   - restart nginx
 
+- name: nginx config for dev.isimip.org is present on data.isimip.org
+  copy:
+    src: "dev.isimip.org.conf"
+    dest: /etc/nginx/vhosts.d/dev.isimip.org.conf
+  when: ansible_host == "data.isimip.org"
+  notify:
+  - restart nginx
+
+- name: firewalld allows http connections
+  firewalld:
+    service: http
+    permanent: yes
+    immediate: yes
+    state: enabled
+
 - name: index.html is present
   template:
     src: index.html
-    dest: /var/www/html/index.html
+    dest: /srv/www/htdocs/index.html
+
+- name: /data/public is present on files.isimip.org
+  file:
+    path: /data/public
+    state: directory
+    mode: '0755'
+  when: ansible_host == "files.isimip.org"
diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml
@@ -1,11 +1,6 @@
 ---
 
-- name: all packages are on the latest version
-  apt:
-    upgrade: dist
-    update_cache: yes
-
 - name: common packages are present
-  apt:
+  zypper:
     name: "{{ packages }}"
     state: present
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		d /var/log/gunicorn/api 750 isimip isimip
		d /run/gunicorn/api 750 isimip isimip