author | Javier Sepulveda <javier.sepulveda@uv.es> | 2024-04-18 12:11:32 +0200 |
---|---|---|
committer | Javier Sepulveda <javier.sepulveda@uv.es> | 2024-04-18 12:11:32 +0200 |
commit | 5c37e95f38484d98a1bb3d263c2ca47d4a88d04b (patch) | |
tree | 4afab013178b12f8c08605d213efdb37f112014d | |
25 files changed, 272 insertions, 0 deletions
@@ -0,0 +1,32 @@ +RUN THE ANSIBLE SETUP +======================== + +To run this ansible deployment script simply run : +--------------------------------------------------- + +1.For staging and tests: ansible-playbook -i inventories/staging --user root playbooks/play.yml +2.For production: ansible-playbook -i inventories/production --user root playbooks/play.yml + +Roles (set of tasks): +=========================== + +Brief explanation about what the play.yml really executes: + +Roles: + +0.Packages (including Taler packages) +1.Webserver +2.Database +3.Taler setup + +ROLE-> TASKS: +--------------- +Packages: Install base packges + Add Taler repo to sources.list + Install Taler packages (exchange so far) +Webserver: Install NGINX + Enable Virtualhost + Request CERTS +Database: Install Postgres + Configure Postgres +Taler: Taler specific configurations (as setup-exchange.sh from regional currency script (old Netzbon)). + + + + + diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..5144577 --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,7 @@ +[defaults] +inventory = inventories +roles_path = roles +remote_user = root + +[ssh_connection] +private_key_file = ~/.ssh/id_rsa diff --git a/inventories/production/hosts b/inventories/production/hosts new file mode 100644 index 0000000..a8dfbbb --- /dev/null +++ b/inventories/production/hosts @@ -0,0 +1,4 @@ +[production] +#taler-ops production server +82.220.38.8 + diff --git a/inventories/staging/hosts b/inventories/staging/hosts new file mode 100644 index 0000000..97aeec7 --- /dev/null +++ b/inventories/staging/hosts @@ -0,0 +1,2 @@ +[staging] +95.179.240.84 diff --git a/playbooks/play.yml b/playbooks/play.yml new file mode 100644 index 0000000..65472ff --- /dev/null +++ b/playbooks/play.yml @@ -0,0 +1,8 @@ +--- +- name: Deploy GNU Taler + hosts: all + roles: + - packages + - webserver + - database + #- taler 
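Review bot: `hosts: all` in playbooks/play.yml, together with `inventory = inventories` in the new ansible.cfg, means a run that forgets `-i` should load inventories/staging and inventories/production as one inventory and deploy to the production host as well (Ansible walks an inventory directory recursively). Target a group instead, e.g. `hosts: "{{ target | default('staging') }}"` with production selected by an explicit `-e target=production`, or drop the directory-wide `inventory =` default so a missing `-i` fails instead of silently widening scope. The commented `#- taler` entry deserves a short comment on why it is disabled; the role's setup-exchange.yml is an empty file in this commit.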
diff --git a/roles/database/tasks/configure-postgres.yml b/roles/database/tasks/configure-postgres.yml new file mode 100644 index 0000000..d57fe57 --- /dev/null +++ b/roles/database/tasks/configure-postgres.yml @@ -0,0 +1,16 @@ +--- +- name: Create Taler PostgreSQL user for the new database + postgresql_user: + name: "{{ USER }}" + password: "{{ PASSWORD }}" + become: true + become_user: postgres + +- name: Create Taler database + postgresql_db: + name: "{{ DATABASE }}" + owner: "{{ USER }}" + encoding: UTF-8 + state: present + become: true + become_user: postgres diff --git a/roles/database/tasks/install-postgres.yml b/roles/database/tasks/install-postgres.yml new file mode 100644 index 0000000..06de32f --- /dev/null +++ b/roles/database/tasks/install-postgres.yml @@ -0,0 +1,6 @@ +--- +- name: Install PostgreSQL on Debian/Ubuntu + apt: + name: postgresql + state: present + when: ansible_os_family == 'Debian' diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml new file mode 100644 index 0000000..25af405 --- /dev/null +++ b/roles/database/tasks/main.yml @@ -0,0 +1,8 @@ +--- +# Webserver role + +- name: Install PostgreSQL + include_tasks: install-postgres.yml + +- name: Configure PostgreSQL + include_tasks: configure-postgres.yml diff --git a/roles/database/vars/main.yml b/roles/database/vars/main.yml new file mode 100644 index 0000000..b517e20 --- /dev/null +++ b/roles/database/vars/main.yml @@ -0,0 +1,4 @@ +--- +USER: taler +PASSWORD: 2ccXMVRABfAx5rer +DATABASE: taler_db diff --git a/roles/packages/tasks/add-taler-repo.yml b/roles/packages/tasks/add-taler-repo.yml new file mode 100644 index 0000000..c414754 --- /dev/null +++ b/roles/packages/tasks/add-taler-repo.yml @@ -0,0 +1,10 @@ +- name: GNU/Taler repo + deb822_repository: + name: Taler + types: deb + uris: https://deb.taler.net/apt/debian + suites: bookworm + components: + - main + architectures: amd64 + signed_by: https://taler.net/taler-systems.gpg
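Review bot: The `postgresql_user` task in roles/database/tasks/configure-postgres.yml passes `password: "{{ PASSWORD }}"` without `no_log: true`, so the credential is printed whenever task arguments are shown (`-v`, failure output, callback plugins that log module args). Add `no_log: true` to that task. Since the inventory separates staging from production, the values would also be easier to keep apart if the task read per-environment variables rather than the fixed ones declared in the role's vars/main.yml.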
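Review bot: The header comment in roles/database/tasks/main.yml reads `# Webserver role`, copied from the webserver role's main.yml. Replace it with `# Database role: install PostgreSQL and create the Taler user and database` so the file describes what it includes.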
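Review bot: roles/database/vars/main.yml commits a plaintext PostgreSQL password (the `PASSWORD` value) to the repository; it is now part of the git history and should be treated as disclosed and rotated. Keep secrets out of plain vars files: encrypt the value with `ansible-vault encrypt_string`, vault the whole file, or read it at run time with `PASSWORD: "{{ lookup('env', 'TALER_DB_PASSWORD') }}"`. The same applies to roles/taler/vars/main.yml, whose BANK_EXCHANGE_PASSWORD and BANK_ADMIN_PASSWORD are `xxxx` placeholders waiting to be filled in. Note also that role `vars/` take precedence over inventory group_vars, so with this layout staging and production cannot carry different credentials via inventories/<env>/; declaring the variables in `defaults/` and setting real values in inventory group_vars fits the two-inventory design better.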
\ No newline at end of file diff --git a/roles/packages/tasks/base-packages.yml b/roles/packages/tasks/base-packages.yml new file mode 100644 index 0000000..7e62f5f --- /dev/null +++ b/roles/packages/tasks/base-packages.yml @@ -0,0 +1,15 @@ +--- +- name: Install packages on Debian/Ubuntu + apt: + name: + - uuid-runtime + - make + - sudo + - curl + - jq + - wget + - python3-sphinx + - python3-pip + state: present + when: ansible_os_family == 'Debian' + diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml new file mode 100644 index 0000000..05a7514 --- /dev/null +++ b/roles/packages/tasks/main.yml @@ -0,0 +1,14 @@ +--- +# Role: Install ALL packages and dependencies + +- name: Install base packages + include_tasks: base-packages.yml + +- name: Install Python and Python packages + include_tasks: python-packages.yml + +- name: Add Taler repo to sources.list + include_tasks: add-taler-repo.yml + +- name: Install Taler packages + include_tasks: taler-packages.yml diff --git a/roles/packages/tasks/python-packages.yml b/roles/packages/tasks/python-packages.yml new file mode 100644 index 0000000..bf91cc3 --- /dev/null +++ b/roles/packages/tasks/python-packages.yml @@ -0,0 +1,36 @@ +--- +- name: Install Python on Debian/Ubuntu + package: + name: python3 + state: present + when: ansible_os_family == 'Debian' + +- name: Install PostgreSQL client packages + ansible.builtin.apt: + name: libpq-dev + state: present + +- name: Install psycopg2 + ansible.builtin.apt: + name: python3-psycopg2 + state: present + +- name: Install Python Sphinx + ansible.builtin.apt: + name: python3-sphinx + state: present + +- name: Install Argon2 + ansible.builtin.apt: + name: python3-argon2 + state: present + +- name: Install pycryptodome + ansible.builtin.apt: + name: python3-pycryptodome + state: present + + +# pending packages to install: (haven't found then in debian apt) +# sphinx-markdown-builder +# htmlark 
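Review bot: In roles/packages/tasks/add-taler-repo.yml the APT trust anchor is `signed_by: https://taler.net/taler-systems.gpg`, fetched from a different host than the repository on every target at deploy time, so whichever key that URL serves at that moment becomes authorised to sign packages installed as root and no change of key ever shows up in this repo. Vendor the key under `roles/packages/files/` and pass it inline with `signed_by: "{{ lookup('file', 'taler-systems.gpg') }}"` (deb822_repository accepts an ASCII-armored key block as well as a path or URL, as far as I know), so a changed trust anchor is a reviewable diff. `suites: bookworm` is hard-coded where `"{{ ansible_distribution_release }}"` would match the `ansible_os_family` guards used elsewhere. The file also lacks the `---` document start the other task files have and ends without a newline.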
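Review bot: In roles/packages/tasks/python-packages.yml only the first task carries `when: ansible_os_family == 'Debian'`; the five `ansible.builtin.apt` tasks after it are unconditional, so on a non-Debian host the play fails there instead of skipping as the other task files do. `python3-sphinx` is also installed a second time here (base-packages.yml already lists it). Collapsing the apt tasks into one `name:` list with the same `when` guard would keep the file consistent with base-packages.yml and taler-packages.yml and make the duplicate obvious.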
diff --git a/roles/packages/tasks/taler-packages.yml b/roles/packages/tasks/taler-packages.yml new file mode 100644 index 0000000..2beb3d1 --- /dev/null +++ b/roles/packages/tasks/taler-packages.yml @@ -0,0 +1,11 @@ +--- +- name: Install Taler packages + apt: + name: + - taler-exchange + #- taler-terms-generator + #- taler-harness + #- libeufin-nexus + #- taler-exchange-offline + state: present + when: ansible_os_family == 'Debian' diff --git a/roles/taler/tasks/main.yml b/roles/taler/tasks/main.yml new file mode 100644 index 0000000..5bde85a --- /dev/null +++ b/roles/taler/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- name: Configure Taler exchange + # include_tasks: setup-exchange.yml (Devan) diff --git a/roles/taler/tasks/setup-exchange.yml b/roles/taler/tasks/setup-exchange.yml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/roles/taler/tasks/setup-exchange.yml diff --git a/roles/taler/vars/main.yml b/roles/taler/vars/main.yml new file mode 100644 index 0000000..fdf3d03 --- /dev/null +++ b/roles/taler/vars/main.yml @@ -0,0 +1,7 @@ +BANK_EXCHANGE_PASSWORD: xxxx +BANK_ADMIN_PASSWORD: xxxx +BANK_PORT: xxxx +CURRENCY_NAME: xxxx +IBAN: xxx +HOSTNAME: XXXX +TOS: yes/no diff --git a/roles/webserver/defaults/main.yml b/roles/webserver/defaults/main.yml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/roles/webserver/defaults/main.yml diff --git a/roles/webserver/handlers/main.yml b/roles/webserver/handlers/main.yml new file mode 100644 index 0000000..20f3947 --- /dev/null +++ b/roles/webserver/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Reload Nginx + service: + name: nginx + state: reloaded diff --git a/roles/webserver/tasks/enable-virtualhosts.yml b/roles/webserver/tasks/enable-virtualhosts.yml new file mode 100644 index 0000000..3734900 --- /dev/null +++ b/roles/webserver/tasks/enable-virtualhosts.yml 
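Review bot: roles/packages/tasks/taler-packages.yml installs `taler-exchange` right after add-taler-repo.yml adds the repository, but nothing refreshes the package index in between: `deb822_repository` has no `update_cache` option (unlike `apt_repository`) and this `apt` task does not set one, so on a fresh host the first run should fail with the package not found — the only `update_cache: yes` in the play is in install-nginx.yml, which runs later in the webserver role. Add `update_cache: true` to this apt task, or an explicit cache refresh right after the repository task. The commented-out package names would read better with a note on why each is deferred.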
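Review bot: The only task in roles/taler/tasks/main.yml has a `name` but no module, because its `include_tasks` line is commented out; Ansible rejects such a task ("no module/action detected in task") as soon as the role is re-enabled in play.yml, and setup-exchange.yml is an empty file in this commit. Either remove the task until the include exists or keep the role loadable with a placeholder such as `ansible.builtin.debug: msg: "Taler exchange setup not implemented yet"`. In roles/taler/vars/main.yml, `TOS: yes/no` invites a bare `yes`/`no` later, which YAML 1.1 parsers turn into booleans; document whether the consumer wants `true`/`false` or a quoted string.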
@@ -0,0 +1,12 @@ +--- +- name: Ensure virtualhost configuration file exists + template: + src: virtualhosts/exchange-nginx.conf.j2 + dest: "{{ NGINX_SITES_AVAILABLE }}/{{ VIRTUALHOST }}" + notify: Reload Nginx + +- name: Enable virtual host by creating symlink + file: + src: "{{ NGINX_SITES_AVAILABLE }}/{{ VIRTUALHOST }}" + dest: "{{ NGINX_SITES_ENABLED }}/{{ VIRTUALHOST }}" + state: link diff --git a/roles/webserver/tasks/install-nginx.yml b/roles/webserver/tasks/install-nginx.yml new file mode 100644 index 0000000..78ed231 --- /dev/null +++ b/roles/webserver/tasks/install-nginx.yml @@ -0,0 +1,20 @@ +--- +- name: Update apt package index (for Debian/Ubuntu) + apt: + update_cache: yes + when: ansible_os_family == 'Debian' + +- name: Install Nginx + package: + name: nginx + state: present + tags: + - nginx_installation + +- name: Ensure Nginx service is enabled and started + service: + name: nginx + state: started + enabled: yes + tags: + - nginx_service diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml new file mode 100644 index 0000000..a4ca00d --- /dev/null +++ b/roles/webserver/tasks/main.yml @@ -0,0 +1,11 @@ +--- +# Webserver role + +- name: Install NGINX + include_tasks: install-nginx.yml + +- name: Enable Virtualhosts + include_tasks: enable-virtualhosts.yml + +- name: Request certificates + include_tasks: request-certificates.yml diff --git a/roles/webserver/tasks/request-certificates.yml b/roles/webserver/tasks/request-certificates.yml new file mode 100644 index 0000000..48d1ca9 --- /dev/null +++ b/roles/webserver/tasks/request-certificates.yml 
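Review bot: The template in roles/webserver/tasks/enable-virtualhosts.yml is referenced as `src: virtualhosts/exchange-nginx.conf.j2` but lives under `roles/webserver/tasks/virtualhosts/`; Ansible's role path search falls back to the task file's directory so this presumably resolves, but `roles/webserver/templates/virtualhosts/` is where the next maintainer will look for it. The symlink task does not `notify: Reload Nginx`, so a run in which the site file is unchanged but the enabled link was missing never reloads nginx; add the same `notify: Reload Nginx` to the `file` task.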
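Review bot: `update_cache: yes` and `enabled: yes` in roles/webserver/tasks/install-nginx.yml use YAML 1.1 truthy spellings that yamllint's `truthy` rule rejects and that YAML 1.2 parsers read as strings; write `update_cache: true` and `enabled: true`. Every other boolean-like value in this commit is already a plain module option, so this is the only place to fix.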
@@ -0,0 +1,19 @@ +--- +- name: Install Certbot and Certbot Nginx plugin + package: + name: "{{ item }}" + state: present + with_items: + - certbot + - python3-certbot-nginx # Certbot plugin for Nginx + +- name: Obtain or renew SSL certificate using Certbot with Nginx + command: certbot --nginx --domain {{ SUBDOMAIN }}.{{ DOMAIN_NAME }} --redirect --non-interactive --agree-tos --email sysadmin@taler.net + register: certbot_result + changed_when: "'Certificate not yet due for renewal' not in certbot_result.stdout" + +- name: Reload Nginx configuration if certificates were obtained or renewed + service: + name: nginx + state: reloaded + when: certbot_result.changed diff --git a/roles/webserver/tasks/virtualhosts/exchange-nginx.conf.j2 b/roles/webserver/tasks/virtualhosts/exchange-nginx.conf.j2 new file mode 100644 index 0000000..47376c3 --- /dev/null +++ b/roles/webserver/tasks/virtualhosts/exchange-nginx.conf.j2 @@ -0,0 +1,16 @@ +server { + + listen 80; + listen [::]:80; + + server_name exchange.{{ DOMAIN_NAME }}; + + # Bigger than default timeout to support long polling + proxy_read_timeout 6500s; + keepalive_requests 1000000; + keepalive_timeout 6500s; + + location / { + proxy_pass http://unix:/var/run/taler/exchange-httpd/exchange-http.sock; + } +} diff --git a/roles/webserver/vars/main.yml b/roles/webserver/vars/main.yml new file mode 100644 index 0000000..683f1fb --- /dev/null +++ b/roles/webserver/vars/main.yml @@ -0,0 +1,6 @@ +--- +DOMAIN_NAME: valenciatech.cloud +SUBDOMAIN: exchange +NGINX_SITES_AVAILABLE: /etc/nginx/sites-available +NGINX_SITES_ENABLED: /etc/nginx/sites-enabled +VIRTUALHOST: exchange-nginx.conf |
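Review bot: `certbot --nginx --redirect` in roles/webserver/tasks/request-certificates.yml edits the exchange vhost in place (443 listener, certificate paths, redirect) while enable-virtualhosts.yml manages the same file from a template, so the two tasks fight over it: every run the template task rewrites the HTTP-only version and reports changed, certbot then re-deploys its edits (in non-interactive mode with an existing certificate it reinstalls, as far as I recall) while `changed_when` says nothing changed, and a run where certbot fails leaves the host serving the exchange over plain HTTP. Give the file one owner: use `certonly --nginx` (or `--webroot`) and render the `listen 443 ssl` and `ssl_certificate` lines in the template yourself, keyed on whether the certificate files exist. The trailing reload task duplicates the `Reload Nginx` handler; `notify: Reload Nginx` on the certbot task does the same with less code. `with_items` can be dropped by passing the list straight to `name:`, which also makes a single apt transaction.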
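Review bot: `server_name exchange.{{ DOMAIN_NAME }};` in exchange-nginx.conf.j2 hard-codes the `exchange.` label while request-certificates.yml builds the certbot domain from `{{ SUBDOMAIN }}.{{ DOMAIN_NAME }}`; changing SUBDOMAIN in roles/webserver/vars/main.yml would issue a certificate for a name this vhost does not serve, so use `server_name {{ SUBDOMAIN }}.{{ DOMAIN_NAME }};`. The `location /` forwards nothing about the original request (`proxy_set_header X-Forwarded-Proto`, `X-Forwarded-Host`, `X-Real-IP`); whether the exchange needs these for absolute URLs or logging I cannot tell from here — check the exchange's reverse-proxy guidance before relying on the bare `proxy_pass`. The template listens on port 80 only because certbot is expected to add 443; that dependency deserves a comment at the top of the template.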