- name: Gerbolyze container setup playbook
  hosts: all
  tasks:
    # Allocate the 4G backing file that later tasks format and loop-mount.
    # `creates` turns this into a no-op once the image exists, and the
    # registered result decides whether the bootstrap tarball is downloaded.
    - name: Create container image file
      command: truncate -s 4G /var/cache/gerbolyze_container.img
      args:
        creates: /var/cache/gerbolyze_container.img
      register: create_container

    # Fetch the Arch bootstrap tarball, but only on the run that created the
    # image file. The transfer is plain HTTP, so the pinned sha256 checksum is
    # the only thing that authenticates the download; keep it in step with the
    # URL whenever the release is bumped.
    # NOTE(review): the URL names a .tar.gz while dest ends in .tar.xz; the
    # same dest path is used by the unpack and cleanup tasks further down.
    - name: Download arch bootstrap image
      get_url:
        url: 'http://mirror.rackspace.com/archlinux/iso/2019.03.01/archlinux-bootstrap-2019.03.01-x86_64.tar.gz'
        dest: '/tmp/arch-bootstrap.tar.xz'
        checksum: 'sha256:865c8a25312b663e724923eecf0dfc626f4cd621e2cfcb19eafc69a4fc666756'
      when: create_container is changed

    # Host-side packages: filesystem and container tooling plus the nginx and
    # uwsgi stack that serves the web app.
    # `state: latest` upgrades these packages on every run, so the installed
    # versions depend on when the playbook was last applied.
    - name: Install host requisites
      dnf:
        name:
          - btrfs-progs
          - arch-install-scripts
          - nginx
          - uwsgi
          - python3-flask
          - python3-flask-wtf
          - systemd-container
          - uwsgi-plugin-python3
        state: latest

    # Put a btrfs filesystem on the image file. No `force` is given, so the
    # module leaves an image that already carries a filesystem alone.
    - name: Create container image filesystem
      filesystem:
        fstype: btrfs
        dev: /var/cache/gerbolyze_container.img
    
    # Loop-mount the image at the container root. `state: mounted` both writes
    # the fstab entry and mounts it immediately.
    - name: Create container image fstab entry
      mount:
        path: /var/cache/gerbolyze_container
        src: /var/cache/gerbolyze_container.img
        fstype: btrfs
        opts: loop
        state: mounted

    # Extract the bootstrap tarball, which is already on the target
    # (remote_src), into the mounted image, dropping the archive's top-level
    # directory. Skipped once the container has an /etc.
    # NOTE(review): this task is not gated on the download task. If the
    # container is still empty on a later run, whatever file sits at the /tmp
    # path is unpacked without a checksum check; confirm that is acceptable.
    - name: Unpack bootstrap image
      unarchive:
        src: /tmp/arch-bootstrap.tar.xz
        remote_src: true
        dest: /var/cache/gerbolyze_container
        extra_opts: --strip-components=1
        creates: /var/cache/gerbolyze_container/etc

    # Install the pacman mirror list shipped next to this playbook. It decides
    # which servers the container's packages are fetched from.
    - name: Copy mirrorlist into container
      copy:
        dest: /var/cache/gerbolyze_container/etc/pacman.d/mirrorlist
        src: mirrorlist

    # Install the render helper on the host and add execute permission for
    # user and group.
    # NOTE(review): `ug+x` is symbolic, so the remaining permission bits and
    # the owner are not set by this task. An explicit owner and octal mode
    # would make the result independent of the connecting user and its umask.
    - name: Copy render script
      copy:
        src: render.sh
        dest: /usr/local/sbin/gerbolyze_render.sh
        mode: 'ug+x'

    # Same treatment for the vector helper.
    - name: Copy vector script
      copy:
        src: vector.sh
        dest: /usr/local/sbin/gerbolyze_vector.sh
        mode: 'ug+x'

    # Create the pacman keyring in the container and load the Arch Linux
    # keys, so package signatures can be verified. `shell` is needed here for
    # the `&&` between the two commands.
    # NOTE(review): `creates` points at the gnupg directory. If the second
    # command fails after that directory exists, later runs skip this task and
    # the keyring would stay unpopulated; confirm.
    - name: Initialize container pacman keyring
      shell: >-
        arch-chroot /var/cache/gerbolyze_container pacman-key --init &&
        arch-chroot /var/cache/gerbolyze_container pacman-key --populate archlinux
      args:
        creates: /var/cache/gerbolyze_container/etc/pacman.d/gnupg

    # Comment out pacman's CheckSpace option in the container's pacman.conf.
    # As the task name says, the chroot has no root filesystem of its own.
    - name: Fixup pacman.conf for pacman to work in chroot without its own root fs
      lineinfile:
        path: /var/cache/gerbolyze_container/etc/pacman.conf
        line: '#CheckSpace'
        regexp: '^CheckSpace'

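    # Upgrade the container and install the listed packages with pacman.
    # `command` is used rather than `shell`: the line has no pipes, redirects
    # or expansions, so nothing in it needs a shell to interpret it.
    # There is no `creates` or `changed_when`, so pacman runs on every play and
    # the task always reports "changed".
    - name: Update container and install software
      command: >-
        arch-chroot /var/cache/gerbolyze_container
        pacman -Syu --noconfirm
        python3 opencv hdf5 gtk3 python-numpy python-pip imagemagick unzip zip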

      # TODO maybe install directly from local git checkout?
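    # Install gerbolyze with pip inside the container. `command` replaces
    # `shell` because the line uses no shell features.
    # NOTE(review): no version is pinned, so this installs whatever release is
    # newest at run time, and --upgrade-strategy=eager upgrades every
    # dependency as well. Pinning an exact version, and hashes through pip's
    # --require-hashes, would make the installed code reviewable and
    # repeatable.
    - name: Install gerbolyze
      command: >-
        arch-chroot /var/cache/gerbolyze_container
        pip install -U --upgrade-strategy=eager gerbolyze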

    # Delete the downloaded tarball from /tmp once the container is set up.
    - name: Cleanup bootstrap image
      file:
        state: absent
        path: /tmp/arch-bootstrap.tar.xz

    # Sync the web application sources to the target.
    # Owner and group are not preserved, so the synced files do not carry over
    # the ownership they have in the source checkout.
    # NOTE(review): confirm which account ends up owning /var/lib/gerboweb and
    # that the uwsgi worker user cannot write to its own code.
    - name: Copy webapp sources
      synchronize:
        # FIXME: make this path configurable
        src: ~/gerbolyze/gerboweb/
        dest: /var/lib/gerboweb/
        owner: false
        group: false

    # Replace the host's main nginx configuration with the one shipped next to
    # this playbook. No owner, mode or validation step is given.
    - name: Copy nginx config
      copy:
        dest: /etc/nginx/nginx.conf
        src: nginx.conf

    # Dedicated system account for the uwsgi worker. It gets no home
    # directory and a nologin shell, and '!' as the password hash so that no
    # password can match it.
    - name: Create uwsgi worker user and group
      user:
        name: uwsgi-gerboweb
        group: uwsgi
        system: true
        create_home: false
        shell: /sbin/nologin
        password: '!'

    # Add nginx to the uwsgi group so it can reach the uwsgi socket.
    # `append` keeps nginx's existing supplementary groups.
    # The membership also gives nginx group-level access to every other file
    # that is group-owned by uwsgi, so group permission bits on those files
    # matter.
    - name: Add nginx user to uwsgi group for access to uwsgi socket
      user:
        name: nginx
        append: true
        groups: uwsgi

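    # Install the uwsgi app config, read-only for its owner and group.
    # The mode is a quoted octal string on purpose. A bare 440 is loaded by
    # YAML as the decimal integer 440, which Ansible applies as octal 0670
    # (rw-rwx---). That would leave the file writable by every member of the
    # uwsgi group, and the nginx user is added to that group by this playbook.
    - name: Copy uwsgi config
      copy:
        src: uwsgi-gerboweb.ini
        dest: /etc/uwsgi.d/gerboweb.ini
        owner: uwsgi-gerboweb
        group: uwsgi
        mode: '0440'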

    # Install the three systemd units shipped next to this playbook: the uwsgi
    # socket and service templates and the job processor service.
    # No owner or mode is set, so these root-executed unit files get the
    # connecting user's defaults.
    - name: Copy uwsgi systemd socket config
      copy:
        dest: /etc/systemd/system/
        src: uwsgi-app@.socket

    - name: Copy uwsgi systemd service config
      copy:
        dest: /etc/systemd/system/
        src: uwsgi-app@.service

    - name: Copy job processor systemd service config
      copy:
        dest: /etc/systemd/system/
        src: gerboweb-job-processor.service

    # Reload systemd so it sees the freshly copied unit files, then enable the
    # gerboweb instance of the uwsgi socket template.
    - name: Enable uwsgi systemd socket
      systemd:
        name: uwsgi-app@gerboweb.socket
        enabled: true
        daemon_reload: true

    # Enable the three services at boot and restart them now.
    # `state: restarted` restarts unconditionally, so every playbook run
    # bounces uwsgi, the job processor and nginx, changed or not.
    - name: Enable and launch uwsgi systemd service
      systemd:
        name: uwsgi-app@gerboweb.service
        state: restarted
        enabled: true

    - name: Enable and launch job processor
      systemd:
        name: gerboweb-job-processor.service
        state: restarted
        enabled: true

    - name: Enable and launch nginx systemd service
      systemd:
        name: nginx.service
        state: restarted
        enabled: true

    # Install the tmpfiles.d snippet for the gerboweb cache directory, owned by
    # root and world-readable. The mode is quoted so that it stays octal 0644
    # whichever YAML version the parser follows.
    # NOTE(review): this runs after the services were restarted, and nothing
    # visible here runs systemd-tmpfiles, so the entry presumably takes effect
    # only at the next boot; confirm.
    - name: Copy gerboweb cache dir tmpfiles.d config
      copy:
        src: tmpfiles-gerboweb.conf
        dest: /etc/tmpfiles.d/gerboweb.conf
        owner: root
        group: root
        mode: '0644'