ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange

commit 243c7b80dad23515c814cf2eb308fbe1024ceb7e
parent 457091a121484a328c7bb311c8f4ed7c6d6d907d
Author: Devan Carpenter <devan@taler.net>
Date:   Mon, 18 Nov 2024 13:00:57 +0000

roles: add ansible-pull role

Diffstat:
Alocal.yml | 9+++++++++
Mplaybooks/setup.yml | 4++--
Aroles/ansible-pull/tasks/main.yml | 42++++++++++++++++++++++++++++++++++++++++++
Aroles/ansible-pull/templates/ansible-on-boot.service | 12++++++++++++
Aroles/ansible-pull/templates/ansible-pull.sh | 33+++++++++++++++++++++++++++++++++
Aroles/ansible-pull/templates/pull.fact | 13+++++++++++++
Aroles/ansible-pull/vars/main.yaml | 1+
7 files changed, 112 insertions(+), 2 deletions(-)

diff --git a/local.yml b/local.yml
@@ -0,0 +1,9 @@
+---
+- hosts: all
+ roles:
+ - common_packages
+ - ansible-pull
+ - webserver
+ - database
+ - taler-packages
+ - configuration
diff --git a/playbooks/setup.yml b/playbooks/setup.yml
@@ -3,8 +3,8 @@
 hosts: all
 roles:
 - common_packages
+ - ansible-pull
 - webserver
 - database
- - taler-libeufin-nexus
- - taler-exchange
+ - taler-packages
 - configuration
diff --git a/roles/ansible-pull/tasks/main.yml b/roles/ansible-pull/tasks/main.yml
@@ -0,0 +1,42 @@
+- name: Update apt cache
+ apt: update_cache=yes
+
+- name: Install depends
+ apt:
+ name: [ansible, git]
+ state: present
+
+- name: Ensure /etc/ansible/facts.d exists
+ file:
+ path: /etc/ansible/facts.d
+ state: directory
+ recurse: yes
+
+- name: Make /etc/ansible/facts.d/pull.fact
+ template:
+ src: pull.fact
+ dest: /etc/ansible/facts.d/pull.fact
+
+- name: recollect facts
+ setup:
+
+- name: Install the ansible-pull script
+ template: src=ansible-pull.sh dest=/usr/sbin/run-ansible-pull mode=0755 owner=root group=root
+
+- name: Install cronjob
+ cron: name="Ansible Pull" minute="{{ ansible_local.pull.minute | default(59 | random) }}" job="/usr/sbin/run-ansible-pull"
+
+- name: remove old ansible-pull on boot cronjob
+ cron:
+ name: run ansible on reboot
+ state: absent
+
+- name: Install service to run ansible-pull on boot
+ template:
+ src: ansible-on-boot.service
+ dest: /etc/systemd/system/ansible-on-boot.service
+
+- name: Enable ansible pull on boot
+ service:
+ name: ansible-on-boot
+ enabled: yes
diff --git a/roles/ansible-pull/templates/ansible-on-boot.service b/roles/ansible-pull/templates/ansible-on-boot.service
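Review bot: local.yml repeats the role list that playbooks/setup.yml carries after this commit, so the two lists can drift apart and an ansible-pull run would then converge a host to something different from a push run. If setup.yml holds nothing that must stay push-only (its first lines are outside the hunk), local.yml could be reduced to `- import_playbook: playbooks/setup.yml`.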
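Review bot: In roles/ansible-pull/tasks/main.yml the two `template` tasks that write /etc/ansible/facts.d/pull.fact and /etc/systemd/system/ansible-on-boot.service set no owner, group or mode, although pull.fact decides which repository and branch the installed script pulls and the unit file decides what runs at boot. Adding `owner: root`, `group: root` and `mode: "0644"` to both pins their permissions regardless of the umask in effect, as the script task already does for /usr/sbin/run-ansible-pull. The script and cron tasks would also be easier to audit in block form rather than `key=value` strings, with the mode quoted as `mode: "0755"`.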
@@ -0,0 +1,12 @@
+[Unit]
+Description=ansible-pull on boot
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStartPre=/bin/sh -c 'until ping -c 1 -w 1 git.taler.net; do sleep 1; done'
+ExecStart=/usr/bin/ansible-pull -U https://git.taler.net/ansible-taler-exchange.git -d /var/run/ansible/ansible-taler-exchange
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/ansible-pull/templates/ansible-pull.sh b/roles/ansible-pull/templates/ansible-pull.sh
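Review bot: ExecStart in ansible-on-boot.service hard-codes the repository URL and passes no `-C`, so the boot run ignores the repo and branch recorded in pull.fact while the cron-driven script uses them; the two runs can apply different revisions to the same host. Pointing the unit at the installed wrapper, `ExecStart=/usr/sbin/run-ansible-pull nodisown`, would keep a single code path. Neither path passes `--verify-commit`, so the checkout is trusted on the strength of the HTTPS fetch alone; for a playbook described as deploying a production exchange, signed commits plus that flag are worth considering. The `until ping` loop in ExecStartPre has no upper bound of its own, so a `TimeoutStartSec=` would keep the unit from waiting indefinitely where ICMP is filtered.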
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+{% macro run_playbook(url, name, branch=none) %}
+ start=$(date +%s)
+ ansible-pull -U {{ url }} {% if branch is not none %}-C {{ branch}} {% endif %} -d /var/run/ansible/{{ name }}&> /var/log/ansible-{{ name }}.log
+ code=$?
+
+ if [ -d /var/lib/prometheus/node-exporter ]; then
+ prom_file="/var/lib/prometheus/node-exporter/ansible-playbook-{{ name }}.prom"
+ labels="playbook=\"{{ name }}\", playbook_url=\"{{ url }}\", playbook_branch=\"{{ branch }}\""
+ echo "# HELP ansible_playbook_exit_code The exit code of ansible-pull" > ${prom_file}
+ echo "# TYPE ansible_playbook_exit_code gauge" >> ${prom_file}
+ echo "ansible_playbook_exit_code{${labels}} ${code}" >> ${prom_file}
+
+ echo "# HELP ansible_playbook_time The time a playbook took to run, in seconds" >> ${prom_file}
+ echo "# TYPE ansible_playbook_time gauge" >> ${prom_file}
+ echo "ansible_playbook_time{${labels}} $(expr $(date +%s) - ${start})" >> ${prom_file}
+ fi
+{%- endmacro %}
+
+if [ "$1" == "nodisown" ]; then
+ # Sometimes the $PATH gets messed up in cron, so lets start by setting the record straight
+ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+{{ run_playbook(ansible_local.pull.repo, "ansible-taler-exchange", ansible_local.pull.branch) }}
+{% if "additional_playbooks" in ansible_local %}
+{% for playbook in ansible_local.additional_playbooks %}
+{{ run_playbook(playbook.url, playbook.name, playbook.branch) }}
+{% endfor %}
+{% endif %}
+else
+ $0 nodisown & disown
+fi
diff --git a/roles/ansible-pull/templates/pull.fact b/roles/ansible-pull/templates/pull.fact
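Review bot: The `run_playbook` macro in ansible-pull.sh expands `{{ url }}`, `{{ branch }}` and `{{ name }}` unquoted into a command line and a redirect target, so whitespace or a shell metacharacter in a local fact value (including entries of `additional_playbooks`) changes what the generated script executes. Ansible's `quote` filter covers the arguments, for example `-U {{ url | quote }}` and `-C {{ branch | quote }}`, and `name` is better restricted to a safe character set because it also forms the checkout, log and .prom file names. A slow run and the next cron invocation would also share the same checkout directory; wrapping the `nodisown` branch in `flock -n` on a lock file would serialize them.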
@@ -0,0 +1,13 @@
+{
+{% if ansible_local is defined and ansible_local.pull is defined and ansible_local.pull is mapping %}
+ "repo": "{% if ansible_local.pull.repo and ansible_local.pull.repo != "https://git.taler.net/ansible-taler-exchange.git" %}{{ ansible_local.pull.repo }}{% else %}https://git.taler.net/ansible-taler-exchange.git{% endif %}",
+ "branch": "{% if ansible_local.pull.branch and ansible_local.pull.branch != "master" %}{{ ansible_local.pull.branch }}{% else %}main{% endif %}",
+ "minute": {% if ansible_local.pull.minute %}{{ ansible_local.pull.minute }}{% else %}{{ 59 | random }}{% endif %}
+
+{% else %}
+ "repo": "https://git.taler.net/ansible-taler-exchange.git",
+ "branch": "dev/devan-carpenter/development",
+ "minute": "{{ 59 | random }}"
+
+{% endif %}
+}
diff --git a/roles/ansible-pull/vars/main.yaml b/roles/ansible-pull/vars/main.yaml
@@ -0,0 +1 @@
+playbooks:
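Review bot: The first-run `{% else %}` branch of pull.fact sets `"branch": "dev/devan-carpenter/development"`, so a freshly provisioned host tracks a personal development branch by default, and later runs keep that value because the first branch only rewrites `master` to `main`. For a role listed in the production playbook, the default should be the release branch (presumably `main`, matching that rewrite), with development branches opted into per host. `minute` is also emitted as a quoted string here but as a bare number in the first branch, and `{% if ansible_local.pull.minute %}` treats a stored 0 as missing and re-randomizes it; testing `ansible_local.pull.minute is defined` would keep the schedule stable.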