Refactor to use SUSE and add isimip-data, isimip-files-api, and isimi…

…p-publisher roles

main.yml

@@ -12,7 +12,12 @@
     tags: ['packages']
   - role: nginx
     tags: ['nginx']
-  - role: isimip_data
-    tags: ['isimip_data']
-  - role: isimip_files_api
-    tags: ['isimip_data']
+  - role: isimip-data
+    tags: ['isimip-data']
+    when: ansible_host == "data.isimip.org"
+  - role: isimip-files-api
+    tags: ['isimip-data']
+    when: ansible_host == "files.isimip.org"
+  - role: isimip-publisher
+    tags: ['isimip-publisher']
+    when: ansible_host == "files.isimip.org"

roles/isimip-data/files/dev.conf

@@ -0,0 +1,3 @@
+d /var/log/django/dev        750 isimip-data isimip
+d /var/log/gunicorn/dev      750 isimip-data isimip
+d /run/gunicorn/dev          750 isimip-data isimip

roles/isimip_data/files/dev.service → roles/isimip-data/files/dev.service

@@ -3,12 +3,12 @@ Description=dev.isimip.org gunicorn daemon
 After=network.target
 
 [Service]
-User=isimip
+User=isimip-data
 Group=isimip
 
-WorkingDirectory=/home/isimip/isimip-data/dev
-EnvironmentFile=/home/isimip/isimip-data/dev/.env
-GUNICORN_BIN=/home/isimip/isimip-data/dev/env/bin/gunicorn
+WorkingDirectory=/srv/www/dev
+EnvironmentFile=/srv/www/dev/.env
+GUNICORN_BIN=/srv/www/dev/env/bin/gunicorn
 GUNICORN_WORKER=3
 GUNICORN_PORT=9001
 GUNICORN_PID_FILE=/run/gunicorn/dev/pid

roles/isimip-data/files/prod.conf

@@ -0,0 +1,3 @@
+d /var/log/django/prod       750 isimip-data isimip
+d /var/log/gunicorn/prod     750 isimip-data isimip
+d /run/gunicorn/prod         750 isimip-data isimip

roles/isimip_data/files/prod.service → roles/isimip-data/files/prod.service

@@ -6,9 +6,9 @@ After=network.target
 User=isimip
 Group=isimip
 
-WorkingDirectory=/home/isimip/isimip-data/data
-EnvironmentFile=/home/isimip/isimip-data/data/.env
-GUNICORN_BIN=/home/isimip/isimip-data/data/env/bin/gunicorn
+WorkingDirectory=/srv/www/prod
+EnvironmentFile=/srv/www/prod/.env
+GUNICORN_BIN=/srv/www/prod/env/bin/gunicorn
 GUNICORN_WORKER=3
 GUNICORN_PORT=9001
 GUNICORN_PID_FILE=/run/gunicorn/data/pid

roles/isimip-data/tasks/main.yml

@@ -0,0 +1,58 @@
+- name: Add the isimip group
+  group:
+    name: isimip
+    gid: 2000
+    state: present
+
+- name: Add the isimip-data user
+  user:
+    name: isimip-data
+    comment: isimip-data user
+    uid: 2000
+    group: isimip
+    shell: /bin/bash
+
+- name: Install PostgreSQL 10
+  zypper:
+    name:
+    - postgresql10
+    - postgresql10-server
+    - postgresql10-devel
+    state: present
+
+- name: Create /srv/www/prod and /srv/www/dev for isimip-data
+  file:
+    path: /srv/www/{{ item }}
+    state: directory
+    owner: isimip-data
+    group: isimip
+  with_items:
+  - prod
+  - dev
+
+- name: Clone the isimip-data repo
+  git:
+    repo: 'https://github.com/ISI-MIP/isimip-data'
+    dest: /srv/www/{{ item }}
+    update: no
+  become: yes
+  become_user: isimip-data
+  with_items:
+  - prod
+  - dev
+
+- name: Copy systemd service files
+  copy:
+    src: "{{ item }}.service"
+    dest: "/etc/systemd/system/{{ item }}.service"
+  with_items:
+  - prod
+  - dev
+
+- name: Copy tmpfiles.d files
+  copy:
+    src: "{{ item }}.conf"
+    dest: "/etc/tmpfiles.d/{{ item }}.conf"
+  with_items:
+  - prod
+  - dev

roles/isimip-files-api/files/api.conf

@@ -0,0 +1,2 @@
+d /var/log/gunicorn/api     750 isimip-files-api isimip
+d /run/gunicorn/api         750 isimip-files-api isimip

roles/isimip-files-api/tasks/main.yml

@@ -0,0 +1,43 @@
+- name: Add the isimip group
+  group:
+    name: isimip
+    gid: 2000
+    state: present
+
+- name: Add the isimip-files-api user
+  user:
+    name: isimip-files-api
+    comment: isimip-files-api user
+    uid: 2001
+    group: isimip
+    shell: /bin/bash
+
+- name: Create /srv/www/api for isimip-data
+  file:
+    path: /srv/www/api
+    state: directory
+    owner: isimip-files-api
+    group: isimip
+
+- name: Clone the isimip-files-api repo
+  git:
+    repo: 'https://github.com/ISI-MIP/isimip-files-api'
+    dest: /srv/www/api
+    update: no
+  become_user: isimip-files-api
+
+- name: tmpfiles.d conf is present
+  copy:
+    src: "{{ item }}"
+    dest: "/etc/systemd/system/{{ item }}"
+  when: ansible_host == "files.isimip.org"
+  with_items:
+  - api.service
+  - api-app.service
+  - api-worker.service
+
+- name: systemd services are present
+  copy:
+    src: "api.conf"
+    dest: "/etc/tmpfiles.d/api.conf"
+  when: ansible_host == "files.isimip.org"

roles/isimip-publisher/tasks/main.yml

@@ -0,0 +1,32 @@
+- name: Add the isimip group
+  group:
+    name: isimip
+    gid: 2000
+    state: present
+
+- name: Add the isimip user
+  user:
+    name: isimip
+    comment: isimip user
+    uid: 2000
+    group: isimip
+    shell: /bin/bash
+
+- name: Clone the isimip-publisher repo
+  git:
+    repo: 'https://github.com/ISI-MIP/isimip-publisher'
+    dest: /home/isimip/isimip-publisher
+    update: no
+  become_user: isimip-files-api
+
+- name: /data is present on files.isimip.org
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: isimip
+    group: isimip
+    mode: '0755'
+  with_items:
+  - /data
+  - /data/public
+  - /data/archive

roles/nginx/tasks/main.yml

@@ -31,10 +31,3 @@
   template:
     src: index.html
     dest: /srv/www/htdocs/index.html
-
-- name: /data/public is present on files.isimip.org
-  file:
-    path: /data/public
-    state: directory
-    mode: '0755'
-  when: ansible_host == "files.isimip.org"

roles/packages/vars/main.yml

@@ -1,18 +1,18 @@
 ---
 
 packages:
+# utils
 - pwgen
 - screen
 - rsync
+- git
+- the_silver_searcher
 
 # editor
 - vim
 - nano
 - emacs-nox
 
-# development
-- git
-
 # compression
 - zip
 - unzip
@@ -37,6 +37,3 @@ packages:
 - pv
 - lsof
 - inxi
-
-# other
-- the_silver_searcher