From 28d2d8a0da8b624d0a256ac492afe7605fa8d260 Mon Sep 17 00:00:00 2001 From: Sacha Chua Date: Wed, 12 Oct 2022 20:28:41 -0400 Subject: Be able to deploy pad to live0 --- .gitignore | 1 + README.org | 19 ++++--- docker-destroy.yaml | 18 ------- docker-destroy.yml | 18 +++++++ docker-inventory.yaml | 11 ----- docker-inventory.yml | 11 +++++ docker-playbook.yaml | 39 --------------- docker-playbook.yml | 45 +++++++++++++++++ docker-reuse-playbook.yaml | 21 -------- docker-reuse-playbook.yml | 27 ++++++++++ inventory.yaml | 11 ----- inventory.yml | 13 +++++ pad/defaults/main.yml | 2 - pad/tasks/main.yml | 121 ++++++++++++++++++++++++++------------------- pad/tasks/mariadb.yml | 22 ++++++++- prod-playbook.yaml | 9 ---- prod-playbook.yml | 15 ++++++ 17 files changed, 234 insertions(+), 169 deletions(-) create mode 100644 .gitignore delete mode 100644 docker-destroy.yaml create mode 100644 docker-destroy.yml delete mode 100644 docker-inventory.yaml create mode 100644 docker-inventory.yml delete mode 100644 docker-playbook.yaml create mode 100644 docker-playbook.yml delete mode 100644 docker-reuse-playbook.yaml create mode 100644 docker-reuse-playbook.yml delete mode 100644 inventory.yaml create mode 100644 inventory.yml delete mode 100644 prod-playbook.yaml create mode 100644 prod-playbook.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6921293 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +prod-vars.yml diff --git a/README.org b/README.org index 7554082..799bc1a 100644 --- a/README.org +++ b/README.org @@ -3,34 +3,38 @@ for various pieces of the EmacsConf infrastructure. ansible-galaxy collection install community.general +Production: needs prod-vars.yml, see prod-vars.yml.sample + * Front - publishing ** Prod To run the playbook and publish the main schedule: -ansible-playbook -i inventory.yaml prod-playbook.yaml +ansible-playbook -i inventory.yml prod-playbook.yml Update a specific talk's before/nav and the main schedule: (ex: wayland) -ansible-playbook playbook.yaml -e '{"slug": "wayland"}' -i inventory.yaml +ansible-playbook playbook.yml -e '{"slug": "wayland"}' -i inventory.yml ** Docker Creating: -- ansible-playbook -i docker-inventory.yaml docker-playbook.yaml +- ansible-playbook -i docker-inventory.yml docker-playbook.yml Reusing: -- ansible-playbook -i docker-inventory.yaml docker-reuse-playbook.yaml +- ansible-playbook -i docker-inventory.yml docker-reuse-playbook.yml With docker: https://stackoverflow.com/questions/24738264/how-to-test-ansible-playbook-using-docker * Pad +** Production +ansible-playbook -i inventory.yml prod-playbook.yml --tags pad ** Docker Creating: -ansible-playbook -i docker-inventory.yaml docker-playbook.yaml --tags pad +ansible-playbook -i docker-inventory.yml docker-playbook.yml --tags pad Reusing an existing container: -ansible-playbook -i docker-inventory.yaml docker-reuse-playbook.yaml --tags pad +ansible-playbook -i docker-inventory.yml docker-reuse-playbook.yml --tags pad Connecting: docker exec -it emacsconf-pad /bin/bash Creating pads -ansible-playbook -i docker-inventory.yaml docker-reuse-playbook.yaml --tags create-pads +ansible-playbook -i docker-inventory.yml docker-reuse-playbook.yml --tags create-pads file:/docker:emacsconf-pad:/home/etherpad/etherpad/ @@ -46,6 +50,7 @@ docker exec emacsconf-pad cat /home/etherpad/etherpad/APIKEY.txt b7a15dc34cc7f6917cca6cd9a2b4b92145af7c7cd9b341af34869ab8cd3568be :end: + #+begin_src sh :var padkey=pad-key echo curl "http://localhost:9001/api/1/createPad?apikey=$padkey&padID=emacsconf-2022" curl "http://localhost:9001/api/1/createPad?apikey=$padkey&padID=emacsconf-2022" diff --git a/docker-destroy.yaml b/docker-destroy.yaml deleted file mode 100644 index f401dba..0000000 --- a/docker-destroy.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Destroy emacsconf-front container - hosts: localhost - tags: front - tasks: - - name: destroy front docker container - docker_container: - name: emacsconf-front - state: absent - -- name: Destroy emacsconf-pad container - hosts: localhost - tags: pad - tasks: - - name: destroy pad docker container - docker_container: - name: emacsconf-pad - state: absent diff --git a/docker-destroy.yml b/docker-destroy.yml new file mode 100644 index 0000000..f401dba --- /dev/null +++ b/docker-destroy.yml @@ -0,0 +1,18 @@ +--- +- name: Destroy emacsconf-front container + hosts: localhost + tags: front + tasks: + - name: destroy front docker container + docker_container: + name: emacsconf-front + state: absent + +- name: Destroy emacsconf-pad container + hosts: localhost + tags: pad + tasks: + - name: destroy pad docker container + docker_container: + name: emacsconf-pad + state: absent diff --git a/docker-inventory.yaml b/docker-inventory.yaml deleted file mode 100644 index b1be91e..0000000 --- a/docker-inventory.yaml +++ /dev/null @@ -1,11 +0,0 @@ -all: - hosts: - emacsconf-front: - ansible_connection: docker - ansible_python_interpreter: /usr/bin/python3 - emacsconf-pad: - ansible_connection: docker - ansible_python_interpreter: /usr/bin/python3 - localhost: - ansible_connection: local - diff --git a/docker-inventory.yml b/docker-inventory.yml new file mode 100644 index 0000000..b1be91e --- /dev/null +++ b/docker-inventory.yml @@ -0,0 +1,11 @@ +all: + hosts: + emacsconf-front: + ansible_connection: docker + ansible_python_interpreter: /usr/bin/python3 + emacsconf-pad: + ansible_connection: docker + ansible_python_interpreter: /usr/bin/python3 + localhost: + ansible_connection: local + diff --git a/docker-playbook.yaml b/docker-playbook.yaml deleted file mode 100644 index 6235624..0000000 --- a/docker-playbook.yaml +++ /dev/null @@ -1,39 +0,0 @@ ---- -- name: Create a front container to be provisioned later - tags: docker-front - hosts: localhost - tasks: - - name: create docker container - docker_container: - name: emacsconf-front - image: python:3-buster - command: ["sleep", "1d"] - pull: yes - published_ports: - - "28080:80" - - "2022:22" - -- name: Provision the emacsconf-front container created above - tags: docker-front - hosts: emacsconf-front - roles: - - wiki - -- name: Create a pad container to be provisioned later - tags: pad - hosts: localhost - tasks: - - name: create docker container - docker_container: - name: emacsconf-pad - image: python:3-buster - command: ["sleep", "1d"] - pull: yes - published_ports: - - "9001:9001" - -- name: Provision the pad container created above - tags: pad - hosts: emacsconf-pad - roles: - - pad diff --git a/docker-playbook.yml b/docker-playbook.yml new file mode 100644 index 0000000..124c55d --- /dev/null +++ b/docker-playbook.yml @@ -0,0 +1,45 @@ +--- +- name: Load vars + hosts: all + tags: always + tasks: + - include_vars: + file: docker-vars.yml +- name: Create a front container to be provisioned later + tags: docker-front + hosts: localhost + tasks: + - name: create docker container + docker_container: + name: emacsconf-front + image: python:3-buster + command: ["sleep", "1d"] + pull: yes + published_ports: + - "28080:80" + - "2022:22" + +- name: Provision the emacsconf-front container created above + tags: docker-front + hosts: emacsconf-front + roles: + - wiki + +- name: Create a pad container to be provisioned later + tags: pad + hosts: localhost + tasks: + - name: create docker container + docker_container: + name: emacsconf-pad + image: python:3-buster + command: ["sleep", "1d"] + pull: yes + published_ports: + - "9001:9001" + +- name: Provision the pad container created above + tags: pad + hosts: emacsconf-pad + roles: + - pad diff --git a/docker-reuse-playbook.yaml b/docker-reuse-playbook.yaml deleted file mode 100644 index c187817..0000000 --- a/docker-reuse-playbook.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Load talks - hosts: localhost - tags: create-pads - tasks: - - include_vars: - file: talks.json - name: talks - -- name: Set up the emacsconf-front wiki - hosts: emacsconf-front - tags: front - roles: - - wiki - -- name: Set up the emacsconf-pad - hosts: emacsconf-pad - tags: pad - roles: - - pad - diff --git a/docker-reuse-playbook.yml b/docker-reuse-playbook.yml new file mode 100644 index 0000000..10df7d6 --- /dev/null +++ b/docker-reuse-playbook.yml @@ -0,0 +1,27 @@ +--- +- name: Load vars + hosts: all + tags: always + tasks: + - include_vars: + file: docker-vars.yml +- name: Load talks + hosts: localhost + tags: create-pads + tasks: + - include_vars: + file: talks.json + name: talks + +- name: Set up the emacsconf-front wiki + hosts: emacsconf-front + tags: front + roles: + - wiki + +- name: Set up the emacsconf-pad + hosts: emacsconf-pad + tags: pad + roles: + - pad + diff --git a/inventory.yaml b/inventory.yaml deleted file mode 100644 index 69b3213..0000000 --- a/inventory.yaml +++ /dev/null @@ -1,11 +0,0 @@ -prod: - hosts: - front: - ansible_host: front0.emacsconf.org - remote_user: orga - publish: - ansible_host: front0.emacsconf.org - remote_user: orga - pad: - ansible_host: front0.emacsconf.org - remote_user: orga diff --git a/inventory.yml b/inventory.yml new file mode 100644 index 0000000..1e7f55e --- /dev/null +++ b/inventory.yml @@ -0,0 +1,13 @@ +prod: + hosts: + front: + ansible_host: front0.emacsconf.org + remote_user: orga + publish: + ansible_host: front0.emacsconf.org + remote_user: orga + pad: + ansible_host: live0.emacsconf.org + remote_user: orga + ansible_ssh_user: orga + ansible_python_interpreter: /usr/bin/python3 diff --git a/pad/defaults/main.yml b/pad/defaults/main.yml index 386abf7..9d2e294 100644 --- a/pad/defaults/main.yml +++ b/pad/defaults/main.yml @@ -1,11 +1,9 @@ --- # defaults file for pad etherpad_path: /home/etherpad/etherpad -etherpad_database_password: cgdh23dho etherpad_database_name: emacsconf_pad etherpad_database_user: etherpad etherpad_user: etherpad etherpad_group: etherpad -etherpad_api_key: b7a15dc34cc7f6917cca6cd9a2b4b92145af7c7cd9b341af34869ab8cd3568be etherpad_base: emacsconf etherpad_year: 2022 diff --git a/pad/tasks/main.yml b/pad/tasks/main.yml index 8637406..bb3209d 100644 --- a/pad/tasks/main.yml +++ b/pad/tasks/main.yml @@ -1,70 +1,91 @@ --- # tasks file for pad -- name: Add nodesource key - apt_key: - url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key - state: present -- name: Add nodesource repository - ansible.builtin.apt_repository: - repo: deb https://deb.nodesource.com/node_13.x buster main - update_cache: yes -- name: Install packages - apt: - update_cache: yes - name: - - systemd - - sudo - - nodejs - - mariadb-server - - mariadb-client - state: present -- name: Create etherpad user - user: - name: etherpad - home: /home/etherpad - shell: /bin/bash - state: present -- name: Install etherpad - git: - repo: https://github.com/ether/etherpad-lite.git - dest: "{{ etherpad_path }}" - depth: 1 +- name: Set up packages as root become: true - become_user: etherpad -- name: Configure etherpad - template: - src: templates/settings.json - dest: "{{ etherpad_path }}/settings.json" -- name: Set etherpad API key - copy: - content: "{{ etherpad_api_key }}" - dest: "{{ etherpad_path }}/APIKEY.txt" - owner: "{{ etherpad_user }}" - mode: "0600" -- name: Install dependencies - shell: cd {{ etherpad_path }}; . src/bin/functions.sh; src/bin/installDeps.sh + block: + - name: Add nodesource key + apt_key: + url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key + state: present + - name: Add nodesource repository + ansible.builtin.apt_repository: + repo: deb https://deb.nodesource.com/node_13.x buster main + update_cache: yes + - name: Install packages + apt: + update_cache: yes + name: + - systemd + - sudo + - nodejs + - mariadb-server + - mariadb-client + state: present + - name: Create etherpad user + user: + name: etherpad + home: /home/etherpad + shell: /bin/bash + state: present +- include: mariadb.yml become: true - become_user: etherpad -- name: Install etherpad plugins - npm: - name: ep_pad-lister - path: "{{ etherpad_path }}" +- name: Set up etherpad as the etherpad user + tags: etherpad-src become: true - become_user: etherpad -- include: mariadb.yml + block: + - name: Install etherpad + git: + repo: https://github.com/ether/etherpad-lite.git + dest: "{{ etherpad_path }}" + depth: 1 + - name: Configure etherpad + template: + src: templates/settings.json + dest: "{{ etherpad_path }}/settings.json" + - name: Install dependencies + shell: cd {{ etherpad_path }}; . src/bin/functions.sh; src/bin/installDeps.sh + - name: Install etherpad plugins + npm: + name: ep_pad-lister + path: "{{ etherpad_path }}" + - name: Change ownership + file: + dest: /home/etherpad/etherpad + owner: "{{ etherpad_user }}" + group: "{{ etherpad_group }}" + recurse: true + - name: Set etherpad API key + copy: + content: "{{ etherpad_api_key }}" + dest: "{{ etherpad_path }}/APIKEY.txt" + owner: "{{ etherpad_user }}" + mode: "0600" - name: Install init.d configuration tags: system + become: true template: src: etherpad.init.d dest: /etc/init.d/etherpad owner: root group: root + mode: 0644 + when: use_initd is defined +- name: Install systemd configuration + tags: system + become: true + template: + src: etherpad.service + dest: /etc/systemd/system/etherpad.service + owner: root + group: root mode: 0755 + when: use_initd is not defined - name: Start Etherpad tags: system + become: true service: name: etherpad - state: started + state: restarted - tags: create-pads include_vars: file: talks.json diff --git a/pad/tasks/mariadb.yml b/pad/tasks/mariadb.yml index 7a406c9..8e613b6 100644 --- a/pad/tasks/mariadb.yml +++ b/pad/tasks/mariadb.yml @@ -5,10 +5,30 @@ - mariadb-server - mariadb-client - python3-mysqldb +- name: Ensure anonymous users are not in the database + mysql_user: + name: "" + host: "{{ item }}" + state: absent + with_items: + - localhost + - 127.0.0.1 + - ::1 + - "%" +- name: Ensure mysql is configured to bind only to localhost + ini_file: + dest: /etc/mysql/my.cnf + section: mysqld + option: "bind-address" + value: "127.0.0.1" - name: Start MariaDB service: name: mysql - state: started + state: restarted + enabled: yes + runlevel: + - 3 + - 5 - name: Ensure emacsconf-pad database exists mysql_db: name: "{{ etherpad_database_name }}" diff --git a/prod-playbook.yaml b/prod-playbook.yaml deleted file mode 100644 index 83f7e7f..0000000 --- a/prod-playbook.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- name: Set up wiki for publishing - hosts: publish - roles: - - wiki-edit -- name: Set up pad - hosts: pad - vars_files: prod-vars.yml - roles: - - pad diff --git a/prod-playbook.yml b/prod-playbook.yml new file mode 100644 index 0000000..eb12597 --- /dev/null +++ b/prod-playbook.yml @@ -0,0 +1,15 @@ +- name: Load vars + hosts: all + tags: always + tasks: + - include_vars: + file: prod-vars.yml +- name: Set up wiki for publishing + hosts: publish + roles: + - wiki-edit +- name: Set up pad + hosts: pad + tags: pad + roles: + - pad -- cgit v1.2.3