Deployment to digitalocean works

author: jaseg <code@jaseg.net> 2019-03-27 23:08:20 +0900
committer: jaseg <git@jaseg.net> 2019-03-27 23:08:20 +0900
commit: 295302ba9420e7b83e5053ea45d14601c1312e3f (patch)
tree: 8573378bdd2f596d660935f391a31db28782b39c
parent: 6a90803ae6da0759723deda24d746d18e2fb8b8c (diff)
download: infra-295302ba9420e7b83e5053ea45d14601c1312e3f.tar.gz
infra-295302ba9420e7b83e5053ea45d14601c1312e3f.tar.bz2
infra-295302ba9420e7b83e5053ea45d14601c1312e3f.zip
8 files changed, 250 insertions, 30 deletions
diff --git a/gerboweb-job-processor.service b/gerboweb-job-processor.service
new file mode 100644
index 0000000..8569317
--- /dev/null
+++ b/gerboweb-job-processor.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Gerboweb gerber job processor
+
+[Service]
+WorkingDirectory=/var/lib/gerboweb
+ExecStart=/usr/bin/python3 job_processor.py /var/cache/gerboweb/job_queue.sqlite3
+
+[Install]
+WantedBy=uwsgi-app@gerboweb.service
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000..34e2e99
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,7 @@
+---
+all:
+  hosts:
+    wendelstein:
+      ansible_host: wendelstein.jaseg.net
+      ansible_ssh_identity_file: ~/.ssh/id_ed25519
+      ansible_user: root
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..22b3be2
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,98 @@
+# For more information on configuration, see:
+#   * Official English Documentation: http://nginx.org/en/docs/
+#   * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 4096;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+        listen       80 default_server;
+        listen       [::]:80 default_server;
+        server_name  gerbolyze.jaseg.net;
+        root         /usr/share/nginx/html;
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+	location ^~ /static/ {
+	      root /var/lib/gerboweb/static;
+	}
+
+        location / {
+	      include uwsgi_params;
+	      uwsgi_pass unix:/run/uwsgi/gerboweb.socket;
+        }
+
+        error_page 404 /404.html;
+	location = /40x.html {
+	    root         /usr/share/nginx/html;
+        }
+
+        error_page 500 502 503 504 /50x.html;
+	location = /50x.html {
+	    root         /usr/share/nginx/html;
+        }
+    }
+
+# Settings for a TLS enabled server.
+#
+#    server {
+#        listen       443 ssl http2 default_server;
+#        listen       [::]:443 ssl http2 default_server;
+#        server_name  _;
+#        root         /usr/share/nginx/html;
+#
+#        ssl_certificate "/etc/pki/nginx/server.crt";
+#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
+#        ssl_session_cache shared:SSL:1m;
+#        ssl_session_timeout  10m;
+#        ssl_ciphers PROFILE=SYSTEM;
+#        ssl_prefer_server_ciphers on;
+#
+#        # Load configuration files for the default server block.
+#        include /etc/nginx/default.d/*.conf;
+#
+#        location / {
+#        }
+#
+#        error_page 404 /404.html;
+#            location = /40x.html {
+#        }
+#
+#        error_page 500 502 503 504 /50x.html;
+#            location = /50x.html {
+#        }
+#    }
+
+}
+
diff --git a/playbook.yml b/playbook.yml
index a510772..eb4f367 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,33 +1,30 @@
 - name: Gerbolyze container setup playbook
-  hosts: localhost
-  connection: local
+  hosts: all
   tasks:
+    - name: Create container image file
+      command: truncate -s 4G /var/cache/gerbolyze_container.img
+      args:
+          creates: /var/cache/gerbolyze_container.img
+      register: create_container
+
     - name: Download arch bootstrap image
       get_url:
           url: http://mirror.rackspace.com/archlinux/iso/2019.03.01/archlinux-bootstrap-2019.03.01-x86_64.tar.gz
           dest: /tmp/arch-bootstrap.tar.xz
           checksum: sha256:865c8a25312b663e724923eecf0dfc626f4cd621e2cfcb19eafc69a4fc666756
+      when: create_container is changed
 
     - name: Install host requisites
-      become: yes
       dnf:
-          name: btrfs-progs,arch-install-scripts
+          name: btrfs-progs,arch-install-scripts,nginx,uwsgi,python3-flask,python3-flask-wtf,systemd-container,uwsgi-plugin-python3
           state: latest
 
-    - name: Create container image file
-      become: yes
-      shell: truncate -s 4G /var/cache/gerbolyze_container.img
-      args:
-          creates: /var/cache/gerbolyze_container.img
-
     - name: Create container image filesystem
-      become: yes
       filesystem:
           dev: /var/cache/gerbolyze_container.img
           fstype: btrfs
     
     - name: Create container image fstab entry
-      become: yes
       mount:
           src: /var/cache/gerbolyze_container.img
           path: /var/cache/gerbolyze_container
@@ -36,7 +33,6 @@
           opts: loop
 
     - name: Unpack bootstrap image
-      become: yes
       unarchive:
           remote_src: yes
           src: /tmp/arch-bootstrap.tar.xz
@@ -45,56 +41,125 @@
           creates: /var/cache/gerbolyze_container/etc
 
     - name: Copy mirrorlist into container
-      become: yes
       copy:
           src: mirrorlist
           dest: /var/cache/gerbolyze_container/etc/pacman.d/mirrorlist
 
     - name: Copy render script
-      become: yes
       copy:
           src: render.sh
           dest: /usr/local/sbin/gerbolyze_render.sh
           mode: ug+x
 
     - name: Copy vector script
-      become: yes
       copy:
           src: vector.sh
           dest: /usr/local/sbin/gerbolyze_vector.sh
           mode: ug+x
 
     - name: Initialize container pacman keyring
-      become: yes
       shell: arch-chroot /var/cache/gerbolyze_container pacman-key --init && arch-chroot /var/cache/gerbolyze_container pacman-key --populate archlinux
       args:
           creates: /var/cache/gerbolyze_container/etc/pacman.d/gnupg
 
     - name: Fixup pacman.conf for pacman to work in chroot without its own root fs
-      become: yes
       lineinfile:
           path: /var/cache/gerbolyze_container/etc/pacman.conf
           regexp: '^CheckSpace'
           line: '#CheckSpace'
 
     - name: Update container and install software
-      become: yes
       shell: arch-chroot /var/cache/gerbolyze_container pacman -Syu --noconfirm python3 opencv hdf5 gtk3 python-numpy python-pip imagemagick unzip zip
 
       # TODO maybe install directly from local git checkout?
     - name: Install gerbolyze
-      become: yes
       shell: arch-chroot /var/cache/gerbolyze_container pip install -U --upgrade-strategy=eager gerbolyze
 
-      #    - name: Cleanup bootstrap image
-      #      file:
-      #    path: /tmp/arch-bootstrap.tar.xz
-      #    state: absent
-
-    - name: Create app cache directory
+    - name: Cleanup bootstrap image
       file:
-          path: /var/cache/gerboweb
-          owner: user # FIXME debug
-          group: user # FIXME debug
-          mode: 0770
+          path: /tmp/arch-bootstrap.tar.xz
+          state: absent
+
+    - name: Copy webapp sources
+      synchronize:
+        # FIXME: make this path configurable
+          src: ~/gerbolyze/gerboweb/
+          dest: /var/lib/gerboweb/
+          group: no
+          owner: no
+
+    - name: Copy nginx config
+      copy:
+          src: nginx.conf
+          dest: /etc/nginx/nginx.conf
+
+    - name: Create uwsgi worker user and group
+      user:
+          name: uwsgi-gerboweb
+          create_home: no
+          group: uwsgi
+          password: '!'
+          shell: /sbin/nologin
+          system: yes
+
+    - name: Add nginx user to uwsgi group for access to uwsgi socket
+      user:
+          name: nginx
+          groups: uwsgi
+          append: yes
+
+    - name: Copy uwsgi config
+      copy:
+          src: uwsgi-gerboweb.ini
+          dest: /etc/uwsgi.d/gerboweb.ini
+          owner: uwsgi-gerboweb
+          group: uwsgi
+          mode: 440
+
+    - name: Copy uwsgi systemd socket config
+      copy:
+          src: uwsgi-app@.socket
+          dest: /etc/systemd/system/
+
+    - name: Copy uwsgi systemd service config
+      copy:
+          src: uwsgi-app@.service
+          dest: /etc/systemd/system/
+
+    - name: Copy job processor systemd service config
+      copy:
+          src: gerboweb-job-processor.service
+          dest: /etc/systemd/system/
+
+    - name: Enable uwsgi systemd socket
+      systemd:
+          daemon-reload: yes
+          name: uwsgi-app@gerboweb.socket
+          enabled: yes
+
+    - name: Enable and launch uwsgi systemd service
+      systemd:
+          name: uwsgi-app@gerboweb.service
+          enabled: yes
+          state: restarted
+
+    - name: Enable and launch job processor
+      systemd:
+          name: gerboweb-job-processor.service
+          enabled: yes
+          state: restarted
+
+    - name: Enable and launch nginx systemd service
+      systemd:
+          name: nginx.service
+          enabled: yes
+          state: restarted
+
+    - name: Copy gerboweb cache dir tmpfiles.d config
+      copy:
+          src: tmpfiles-gerboweb.conf
+          dest: /etc/tmpfiles.d/gerboweb.conf
+          owner: root
+          group: root
+          mode: 0644
 
diff --git a/tmpfiles-gerboweb.conf b/tmpfiles-gerboweb.conf
new file mode 100644
index 0000000..33264cf
--- /dev/null
+++ b/tmpfiles-gerboweb.conf
@@ -0,0 +1 @@
+d /var/cache/gerboweb 760 uwsgi-gerboweb uwsgi 2d
diff --git a/uwsgi-app@.service b/uwsgi-app@.service
new file mode 100644
index 0000000..61bf1e4
--- /dev/null
+++ b/uwsgi-app@.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=%i uWSGI app
+After=syslog.target
+
+[Service]
+ExecStart=/usr/sbin/uwsgi \
+        --ini /etc/uwsgi.d/%i.ini \
+        --socket /run/uwsgi/%i.socket
+User=uwsgi-%i
+Group=uwsgi
+Restart=on-failure
+KillSignal=SIGQUIT
+Type=notify
+StandardError=syslog
+NotifyAccess=all
diff --git a/uwsgi-app@.socket b/uwsgi-app@.socket
new file mode 100644
index 0000000..ae06d71
--- /dev/null
+++ b/uwsgi-app@.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=Socket for uWSGI app %i
+
+[Socket]
+ListenStream=/run/uwsgi/%i.socket
+SocketUser=uwsgi-%i
+SocketGroup=nginx
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
diff --git a/uwsgi-gerboweb.ini b/uwsgi-gerboweb.ini
new file mode 100644
index 0000000..748af71
--- /dev/null
+++ b/uwsgi-gerboweb.ini
@@ -0,0 +1,14 @@
+[uwsgi]
+chmod-socket = 660
+master = True
+cheap = True
+idle = 600
+die-on-idle = True # If app is not used often, it will exit and be launched
+                   # again by systemd requested by users.
+
+manage-script-name = True
+plugins = python3
+chdir = /var/lib/gerboweb
+mount = /=gerboweb:app
+env = GERBOWEB_SETTINGS=gerboweb.cfg
+
author	jaseg <code@jaseg.net>	2019-03-27 23:08:20 +0900
committer	jaseg <git@jaseg.net>	2019-03-27 23:08:20 +0900
commit	295302ba9420e7b83e5053ea45d14601c1312e3f (patch)
tree	8573378bdd2f596d660935f391a31db28782b39c
parent	6a90803ae6da0759723deda24d746d18e2fb8b8c (diff)
download	infra-295302ba9420e7b83e5053ea45d14601c1312e3f.tar.gz infra-295302ba9420e7b83e5053ea45d14601c1312e3f.tar.bz2 infra-295302ba9420e7b83e5053ea45d14601c1312e3f.zip