From 7d7370ea835667e264cc28af63bb7d12da291d30 Mon Sep 17 00:00:00 2001 From: Timor Morrien Date: Tue, 12 Sep 2023 00:05:43 +0200 Subject: [PATCH 1/9] Add pyris role --- roles/pyris/README.md | 22 +++++ roles/pyris/defaults/main.yml | 33 +++++++ roles/pyris/handlers/main.yml | 18 ++++ roles/pyris/tasks/main.yml | 98 +++++++++++++++++++ roles/pyris/templates/application.yml.j2 | 1 + roles/pyris/templates/docker.env.j2 | 6 ++ roles/pyris/templates/pyris-docker.sh.j2 | 89 +++++++++++++++++ .../templates/pyris_deployment_sudoers.j2 | 1 + 8 files changed, 268 insertions(+) create mode 100644 roles/pyris/README.md create mode 100644 roles/pyris/defaults/main.yml create mode 100644 roles/pyris/handlers/main.yml create mode 100644 roles/pyris/tasks/main.yml create mode 100644 roles/pyris/templates/application.yml.j2 create mode 100644 roles/pyris/templates/docker.env.j2 create mode 100755 roles/pyris/templates/pyris-docker.sh.j2 create mode 100644 roles/pyris/templates/pyris_deployment_sudoers.j2 diff --git a/roles/pyris/README.md b/roles/pyris/README.md new file mode 100644 index 0000000..7d064c7 --- /dev/null +++ b/roles/pyris/README.md @@ -0,0 +1,22 @@ +Role Name +========= + +This role installs Pyris on a host. The role supports single node installations via Docker + +Role Variables +-------------- +Default variables can be found in the `defaults/main.yml` file. + +### Variables that have to be configured for a single node installation: + +``` +pyris_deployment_user_public_key: #FIXME + +pyris_config: #FIXME + +proxy_ssl_certificate_path: #FIXME +proxy_ssl_certificate_key_path: #FIXME + +``` + +pyris_config is the configuration for Pyris. See https://github.com/ls1intum/Pyris for details \ No newline at end of file diff --git a/roles/pyris/defaults/main.yml b/roles/pyris/defaults/main.yml new file mode 100644 index 0000000..3c0931c --- /dev/null +++ b/roles/pyris/defaults/main.yml @@ -0,0 +1,33 @@ +--- +pyris_build_version: "latest" +pyris_working_directory: "/opt/pyris" + +############################################################################## +# Pyris Linux Users +############################################################################## + +pyris_user_name: "pyris" +pyris_user_group: "pyris" +pyris_user_uid: "1337" +pyris_user_gid: "1337" + +pyris_create_deployment_user: false +pyris_deployment_user_name: deployment +pyris_deployment_user_uid: 1338 +pyris_deployment_user_public_key: "" +pyris_deployment_user_comment: "User to deploy pyris to this host" + + +############################################################################## +# OpenAI Setup +############################################################################## + +pyris_config: #FIXME + + +############################################################################## +# Nginx Setup +############################################################################## + +proxy_ssl_certificate_path: #FIXME +proxy_ssl_certificate_key_path: #FIXME \ No newline at end of file diff --git a/roles/pyris/handlers/main.yml b/roles/pyris/handlers/main.yml new file mode 100644 index 0000000..99287f9 --- /dev/null +++ b/roles/pyris/handlers/main.yml @@ -0,0 +1,18 @@ +--- +# handlers file for pyris +- name: restart docker compose pyris + become: true + shell: | + ./pyris-docker.sh restart {{ pyris_build_version }} {{ pyris_branch }} + args: + chdir: "{{ pyris_working_directory }}" + listen: "restart docker pyris" + +- name: start docker compose pyris + become: true + command: ./pyris-docker.sh start {{ pyris_build_version }} {{ pyris_branch }} + args: + chdir: "{{ pyris_working_directory }}" + listen: "start docker pyris" + + diff --git a/roles/pyris/tasks/main.yml b/roles/pyris/tasks/main.yml new file mode 100644 index 0000000..6448593 --- /dev/null +++ b/roles/pyris/tasks/main.yml @@ -0,0 +1,98 @@ +--- +- name: Ensure pyris group {{ pyris_user_group }} exists + become: yes + group: + name: "{{ pyris_user_group }}" + gid: "{{ pyris_user_gid }}" + state: present + +- name: Ensure pyris user {{ pyris_user_name }} exists + become: yes + user: + name: "{{ pyris_user_name }}" + state: present + uid: "{{ pyris_user_uid }}" + group: "{{ pyris_user_group }}" + groups: "docker" + +- name: Ensure deployment user {{ pyris_deployment_user_name }} exists + become: yes + user: + name: "{{ pyris_deployment_user_name }}" + comment: "{{ pyris_deployment_user_comment }}" + state: present + uid: "{{ pyris_deployment_user_uid }}" + group: "{{ pyris_user_group }}" + groups: "sudo,docker" + append: yes + when: (pyris_create_deployment_user | bool) + +- name: Ensure (limited) sudo privileges for user {{ pyris_deployment_user_name }} + become: yes + template: + src: pyris_deployment_sudoers.j2 + dest: /etc/sudoers.d/pyris_deployment + validate: 'visudo -cf %s' + mode: 0440 + when: (pyris_create_deployment_user | bool) + +- name: Authorize ssh-key for deployment user + become: yes + authorized_key: + user: "{{ pyris_deployment_user_name }}" + state: present + key: "{{ pyris_deployment_user_public_key }}" + when: (pyris_create_deployment_user | bool) + +- name: Create pyris directory + become: true + file: + path: "{{ pyris_working_directory }}" + state: directory + mode: '0775' + +- name: Set permissions for pyris directory + become: true + file: + path: "{{ pyris_working_directory }}" + state: directory + recurse: yes + owner: "{{ pyris_user_name }}" + group: "{{ pyris_user_group }}" + register: permissions + notify: restart docker pyris + +- name: Copy docker.env to pyris directory + become: true + template: + src: "templates/docker.env.j2" + dest: "{{ pyris_working_directory }}/docker.env" + owner: "{{ pyris_user_name }}" + group: "{{ pyris_user_group }}" + mode: 0660 + register: config + notify: restart docker pyris + +- name: Copy application.yml to pyris directory + become: true + template: + src: "templates/application.yml.j2" + dest: "{{ pyris_working_directory }}/application.yml" + owner: "{{ pyris_user_name }}" + group: "{{ pyris_user_group }}" + mode: 0660 + register: config + notify: restart docker pyris + +- name: Copy pyris-docker.sh helper script + become: true + template: + src: "templates/pyris-docker.sh.j2" + dest: "{{ pyris_working_directory }}/pyris-docker.sh" + owner: "{{ pyris_user_name }}" + group: "{{ pyris_user_group }}" + mode: 0770 + register: config + notify: restart docker pyris + + diff --git a/roles/pyris/templates/application.yml.j2 b/roles/pyris/templates/application.yml.j2 new file mode 100644 index 0000000..2492f2e --- /dev/null +++ b/roles/pyris/templates/application.yml.j2 @@ -0,0 +1 @@ +{{ pyris_config |to_yaml(indent=4) }} \ No newline at end of file diff --git a/roles/pyris/templates/docker.env.j2 b/roles/pyris/templates/docker.env.j2 new file mode 100644 index 0000000..213603e --- /dev/null +++ b/roles/pyris/templates/docker.env.j2 @@ -0,0 +1,6 @@ +PYRIS_DOCKER_TAG='{{ pyris_build_version }}' +PYRIS_APPLICATION_YML_FILE='{{ pyris_working_directory }}/application.yml' + +# Nginx vars +NGINX_PROXY_SSL_CERTIFICATE_PATH='{{ proxy_ssl_certificate_path }}' +NGINX_PROXY_SSL_CERTIFICATE_KEY_PATH='{{ proxy_ssl_certificate_key_path }}' diff --git a/roles/pyris/templates/pyris-docker.sh.j2 b/roles/pyris/templates/pyris-docker.sh.j2 new file mode 100755 index 0000000..8454f88 --- /dev/null +++ b/roles/pyris/templates/pyris-docker.sh.j2 @@ -0,0 +1,89 @@ +#!/bin/bash + +PROJECT_DIR="{{ pyris_working_directory }}/Pyris/docker" +COMPOSE_FILE="pyris-production.yml" +ENV_FILE="{{ pyris_working_directory }}/docker.env" + +# Function: Print general usage information +function general_help { + cat << HELP +Usage: + ./$(basename "$0") [options] + +Commands: + start Start Pyris, Nginx and the database + stop Stop the Pyris server. Nginx and database will remain started + restart Restart the Pyris server. Nginx and database are unaffected + run Run any docker compose subcommand of your choice +HELP +} + +function start { + local pr_tag=$1 + local pr_branch=$2 + + echo "Starting Pyris with PR tag: $pr_tag and branch: $pr_branch" + rm -rf Pyris + git clone https://github.com/ls1intum/Pyris.git -b "$pr_branch" Pyris + sed -i "s/PYRIS_DOCKER_TAG=.*/PYRIS_DOCKER_TAG='$pr_tag'/g" $ENV_FILE + docker compose --project-directory "$PROJECT_DIR" -f "$PROJECT_DIR/$COMPOSE_FILE" --env-file "$ENV_FILE" up -d --pull always --no-build +} + +function stop { + # TODO: In the future extract pr_tag and pr_branch from env + + echo "Stopping Pyris" + docker compose --project-directory "$PROJECT_DIR" -f "$PROJECT_DIR/$COMPOSE_FILE" --env-file "$ENV_FILE" stop pyris-app +} + +function restart { + stop "$@" + start "$@" +} + +function pyris_logs { + docker compose --project-directory "$PROJECT_DIR" -f "$PROJECT_DIR/$COMPOSE_FILE" --env-file "$ENV_FILE" logs -f pyris-app +} + +function all_logs { + docker compose --project-directory "$PROJECT_DIR" -f "$PROJECT_DIR/$COMPOSE_FILE" --env-file "$ENV_FILE" logs -f +} + +function run_docker_compose_cmd { + docker compose --project-directory "$PROJECT_DIR" -f "$PROJECT_DIR/$COMPOSE_FILE" --env-file "$ENV_FILE" "$@" +} + +# read subcommand `pyris-docker subcommand server` in variable and remove base command from argument list +subcommand=$1; shift + +# Handle empty subcommand +if [ -z "$subcommand" ]; then + general_help + exit 1 +fi + +case "$subcommand" in + start) + start "$@" + ;; + stop) + stop "$@" + ;; + restart) + restart "$@" + ;; + logs-pyris) + pyris_logs "$@" + ;; + logs) + all_logs "$@" + ;; + run) + run_docker_compose_cmd "$@" + ;; + *) + printf "Invalid Command: $subcommand\n\n" 1>&2 + general_help + exit 1 + ;; +esac diff --git a/roles/pyris/templates/pyris_deployment_sudoers.j2 b/roles/pyris/templates/pyris_deployment_sudoers.j2 new file mode 100644 index 0000000..9b45694 --- /dev/null +++ b/roles/pyris/templates/pyris_deployment_sudoers.j2 @@ -0,0 +1 @@ +{{ pyris_deployment_user_name }} ALL=(ALL) NOPASSWD: /usr/bin/bash {{ pyris_working_directory }}/pyris-docker.sh * From 789cdab433fe201c4cce90f493ac7a097718b560 Mon Sep 17 00:00:00 2001 From: Timor Morrien Date: Mon, 2 Oct 2023 15:58:36 +0200 Subject: [PATCH 2/9] Add support for LocalVC and LocalCI --- roles/artemis/defaults/main.yml | 4 ++-- roles/artemis/templates/application-prod.yml.j2 | 11 +++++++++++ roles/artemis/templates/artemis.env.j2 | 10 ++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/roles/artemis/defaults/main.yml b/roles/artemis/defaults/main.yml index 425799f..8e397a6 100644 --- a/roles/artemis/defaults/main.yml +++ b/roles/artemis/defaults/main.yml @@ -196,8 +196,8 @@ artemis_eureka_instance_id: "{{ node_id }}" artemis_spring_profile_env: "prod" artemis_spring_profile_user_management: "{% if user_management.jira is defined and user_management.jira is not none %},jira{% endif %}" # none HAS to be lowercase ¯\_(ツ)_/¯ artemis_spring_profile_ldap: "{% if ldap.password is defined and ldap.password is not none %},ldap{% endif %}" -artemis_spring_profile_version_control: "{% if version_control.bitbucket is defined and version_control.bitbucket is not none %},bitbucket{% elif version_control.gitlab is defined and version_control.gitlab is not none %},gitlab{% endif %}" -artemis_spring_profile_continuous_integration: "{% if continuous_integration.bamboo is defined and continuous_integration.bamboo is not none %},bamboo{% elif continuous_integration.jenkins is defined and continuous_integration.jenkins is not none %},jenkins{% endif %}" +artemis_spring_profile_version_control: "{% if version_control.bitbucket is defined and version_control.bitbucket is not none %},bitbucket{% elif version_control.gitlab is defined and version_control.gitlab is not none %},gitlab{% elif version_control.localvc is defined and version_control.localvc is not none %},localvc{% endif %}" +artemis_spring_profile_continuous_integration: "{% if continuous_integration.bamboo is defined and continuous_integration.bamboo is not none %},bamboo{% elif continuous_integration.jenkins is defined and continuous_integration.jenkins is not none %},jenkins{% elif continuous_integration.localci is defined and continuous_integration.localci is not none %},localci{% endif %}" artemis_spring_profile_athena: "{% if athena is defined and athena is not none %},athena{% endif %}" artemis_spring_profile_apollon: "{% if apollon_url is defined and apollon_url is not none %},apollon{% endif %}" artemis_spring_profile_scheduling: "{% if node_id is defined and node_id == 1 %},scheduling{% endif %}" diff --git a/roles/artemis/templates/application-prod.yml.j2 b/roles/artemis/templates/application-prod.yml.j2 index 7cf05c7..e5faa0a 100644 --- a/roles/artemis/templates/application-prod.yml.j2 +++ b/roles/artemis/templates/application-prod.yml.j2 @@ -147,6 +147,13 @@ artemis: versionControlAccessToken: true {% endif %} +{% if version_control.localvc is defined %} + version-control: + url: {{ version_control.localvc.url }} + local-vcs-repo-path: {{ artemis_repo_basepath }}/local-vcs-repos + user: "demo" + password: "demo" +{% endif %} {% if continuous_integration.bamboo is defined %} continuous-integration: @@ -171,6 +178,10 @@ artemis: artemis-authentication-token-value: {{ continuous_integration.jenkins.artemis_auth_token_value }} {% endif %} +{% if version_control.localci is defined %} + continuous-integration: + artemis-authentication-token-value: "demo" +{% endif %} {% if lti is defined %} diff --git a/roles/artemis/templates/artemis.env.j2 b/roles/artemis/templates/artemis.env.j2 index 55c478c..d0976d1 100644 --- a/roles/artemis/templates/artemis.env.j2 +++ b/roles/artemis/templates/artemis.env.j2 @@ -129,6 +129,16 @@ ARTEMIS_CONTINUOUSINTEGRATION_VCSCREDENTIALS='{{ continuous_integration.jenkins. ARTEMIS_CONTINUOUSINTEGRATION_ARTEMISAUTHENTICATIONTOKENKEY='{{ continuous_integration.jenkins.artemis_auth_token_key }}' ARTEMIS_CONTINUOUSINTEGRATION_ARTEMISAUTHENTICATIONTOKENVALUE='{{ continuous_integration.jenkins.artemis_auth_token_value }}' {% endif %} +{% if version_control.localvc is defined %} +ARTEMIS_VERSIONCONTROL_URL='{{ version_control.localvc.url }}' +ARTEMIS_VERSIONCONTROL_LOCALVCSREPOPATH='{{ version_control.localvc.local_repo_path }}' +ARTEMIS_VERSIONCONTROL_USER='demo' +ARTEMIS_VERSIONCONTROL_PASSWORD='demo' +{% endif %} +{% if continuous_integration.localci is defined %} +ARTEMIS_CONTINUOUSINTEGRATION_ARTEMISAUTHENTICATIONTOKENVALUE='demo' +ARTEMIS_CONTINUOUSINTEGRATION_DOCKERCONNECTIONURI='unix:///var/run/docker.sock' +{% endif %} ARTEMIS_USERMANAGEMENT_LOGIN_ACCOUNTNAME='{{ artemis_account_login_info }}' {% if lti is defined %} ARTEMIS_LTI_ID='artemis_lti' From a2115ec5e9e90e06f9fa6595e86fcfa0c50faabf Mon Sep 17 00:00:00 2001 From: Timor Morrien Date: Fri, 6 Oct 2023 02:00:57 +0200 Subject: [PATCH 3/9] Add docker group to docker containers --- roles/artemis/templates/artemis-docker.sh.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/artemis/templates/artemis-docker.sh.j2 b/roles/artemis/templates/artemis-docker.sh.j2 index 1c156fc..14d234d 100755 --- a/roles/artemis/templates/artemis-docker.sh.j2 +++ b/roles/artemis/templates/artemis-docker.sh.j2 @@ -8,6 +8,9 @@ COMPOSE_FILE="test-server-mysql.yml" COMPOSE_FILE="test-server-postgresql.yml" {% endif %} ENV_FILE="{{ artemis_working_directory }}/docker.env" +{% if version_control.localci is defined %} +export DOCKER_GROUP_ID=$(getent group docker | cut -d: -f3) +{% endif %} # Function: Print general usage information function general_help { From 567e3bc3900e36eebfd6605bd5702d03c5731349 Mon Sep 17 00:00:00 2001 From: Timor Morrien Date: Wed, 11 Oct 2023 23:50:11 +0200 Subject: [PATCH 4/9] Several fixes --- roles/artemis/defaults/main.yml | 3 ++- roles/artemis/templates/application-prod.yml.j2 | 2 +- roles/artemis/templates/artemis-docker.sh.j2 | 11 ++++++++++- roles/artemis/templates/artemis.env.j2 | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/roles/artemis/defaults/main.yml b/roles/artemis/defaults/main.yml index 8e397a6..b72e95b 100644 --- a/roles/artemis/defaults/main.yml +++ b/roles/artemis/defaults/main.yml @@ -203,4 +203,5 @@ artemis_spring_profile_apollon: "{% if apollon_url is defined and apollon_url is artemis_spring_profile_scheduling: "{% if node_id is defined and node_id == 1 %},scheduling{% endif %}" artemis_spring_profile_docker: "{% if use_docker %},docker{% endif %}" artemis_spring_profile_iris: "{% if iris is defined and iris is not none %},iris{% endif %}" -artemis_spring_profiles: "{{ artemis_spring_profile_env }}{{ artemis_spring_profile_user_management }}{{ artemis_spring_profile_ldap }}{{ artemis_spring_profile_version_control }}{{ artemis_spring_profile_continuous_integration }}{{ artemis_spring_profile_athena }}{{ artemis_spring_profile_scheduling }}{{ artemis_spring_profile_docker }}{{ artemis_spring_profile_iris }}" \ No newline at end of file +artemis_spring_profile_lti: "{% if lti.oauth_secret is defined and lti.oauth_secret is not none %},lti{% endif %}" +artemis_spring_profiles: "{{ artemis_spring_profile_env }}{{ artemis_spring_profile_user_management }}{{ artemis_spring_profile_ldap }}{{ artemis_spring_profile_version_control }}{{ artemis_spring_profile_continuous_integration }}{{ artemis_spring_profile_athena }}{{ artemis_spring_profile_scheduling }}{{ artemis_spring_profile_docker }}{{ artemis_spring_profile_iris }}{{ artemis_spring_profile_lti }}" \ No newline at end of file diff --git a/roles/artemis/templates/application-prod.yml.j2 b/roles/artemis/templates/application-prod.yml.j2 index e5faa0a..9021157 100644 --- a/roles/artemis/templates/application-prod.yml.j2 +++ b/roles/artemis/templates/application-prod.yml.j2 @@ -178,7 +178,7 @@ artemis: artemis-authentication-token-value: {{ continuous_integration.jenkins.artemis_auth_token_value }} {% endif %} -{% if version_control.localci is defined %} +{% if continuous_integration.localci is defined %} continuous-integration: artemis-authentication-token-value: "demo" {% endif %} diff --git a/roles/artemis/templates/artemis-docker.sh.j2 b/roles/artemis/templates/artemis-docker.sh.j2 index 14d234d..462ee99 100755 --- a/roles/artemis/templates/artemis-docker.sh.j2 +++ b/roles/artemis/templates/artemis-docker.sh.j2 @@ -1,14 +1,23 @@ #!/bin/bash PROJECT_DIR="{{ artemis_working_directory }}/Artemis/docker" +{% if continuous_integration.localci is defined %} +{% if artemis_database_type == "mysql" %} +COMPOSE_FILE="test-server-mysql-localci.yml" +{% endif %} +{% if artemis_database_type == "postgresql" %} +COMPOSE_FILE="test-server-postgresql-localci.yml" +{% endif %} +{% else %} {% if artemis_database_type == "mysql" %} COMPOSE_FILE="test-server-mysql.yml" {% endif %} {% if artemis_database_type == "postgresql" %} COMPOSE_FILE="test-server-postgresql.yml" {% endif %} +{% endif %} ENV_FILE="{{ artemis_working_directory }}/docker.env" -{% if version_control.localci is defined %} +{% if continuous_integration.localci is defined %} export DOCKER_GROUP_ID=$(getent group docker | cut -d: -f3) {% endif %} diff --git a/roles/artemis/templates/artemis.env.j2 b/roles/artemis/templates/artemis.env.j2 index d0976d1..dd6c998 100644 --- a/roles/artemis/templates/artemis.env.j2 +++ b/roles/artemis/templates/artemis.env.j2 @@ -131,7 +131,7 @@ ARTEMIS_CONTINUOUSINTEGRATION_ARTEMISAUTHENTICATIONTOKENVALUE='{{ continuous_int {% endif %} {% if version_control.localvc is defined %} ARTEMIS_VERSIONCONTROL_URL='{{ version_control.localvc.url }}' -ARTEMIS_VERSIONCONTROL_LOCALVCSREPOPATH='{{ version_control.localvc.local_repo_path }}' +ARTEMIS_VERSIONCONTROL_LOCALVCSREPOPATH='{{ artemis_repo_basepath }}/local-vcs-repos' ARTEMIS_VERSIONCONTROL_USER='demo' ARTEMIS_VERSIONCONTROL_PASSWORD='demo' {% endif %} From be0f601ffbd94d9239eb39b1e9d543ea5d96a9fc Mon Sep 17 00:00:00 2001 From: Matthias Linhuber Date: Fri, 3 Nov 2023 19:44:04 +0100 Subject: [PATCH 5/9] Add new variable to hold the registry url --- roles/artemis/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/artemis/defaults/main.yml b/roles/artemis/defaults/main.yml index 425799f..04924d1 100644 --- a/roles/artemis/defaults/main.yml +++ b/roles/artemis/defaults/main.yml @@ -174,11 +174,13 @@ artemis_external_password_reset_link_de: "https://campus.tum.de/tumonline/ee/ui/ # user: # password: # + #registry: #FIXME Multinode + # url: # Define node local hazelcast_address - Uses wireguard net by default hazelcast_address: "{% if is_multinode_install is defined and is_multinode_install|bool == true %}[{{ wireguard_interface_address }}]{% endif %}" -artemis_eureka_urls: "{% if broker.url is defined and broker.url is not none %}http://admin:${jhipster.registry.password}@{{ broker.url }}:8761/eureka/{% endif %}" +artemis_eureka_urls: "{% if registry.url is defined and registry.url is not none %}http://admin:${jhipster.registry.password}@{{ registry.url }}:8761/eureka/{% endif %}" artemis_eureka_instance_id: "{{ node_id }}" ############################################################################## From 8c40fd15fe2ef78371ec2e7a9624be70918945d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Nov 2023 18:45:17 +0000 Subject: [PATCH 6/9] Bump cryptography from 41.0.0 to 41.0.4 Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.0 to 41.0.4. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.0...41.0.4) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index e5bf38b..2f680ce 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,7 +4,7 @@ ansible-lint==5.3.2 cffi==1.15.0 colorama==0.4.4 commonmark==0.9.1 -cryptography==41.0.0 +cryptography==41.0.4 Jinja2==3.0.3 MarkupSafe==2.0.1 packaging==21.3 From 4f8bd1afb70ccac141f43cac1bc822448e07a671 Mon Sep 17 00:00:00 2001 From: Timor Morrien Date: Fri, 10 Nov 2023 18:05:35 +0100 Subject: [PATCH 7/9] Add multi-node support as well --- roles/artemis/defaults/main.yml | 3 ++- roles/artemis/tasks/docker_deploy_artemis.yml | 15 ++++++++++++++ roles/artemis/templates/artemis-docker.sh.j2 | 20 +++++-------------- roles/artemis/templates/artemis.env.j2 | 4 ++++ roles/artemis/templates/docker.env.j2 | 12 +++++++++++ roles/artemis/templates/node.env.j2 | 4 ++++ 6 files changed, 42 insertions(+), 16 deletions(-) create mode 100644 roles/artemis/templates/node.env.j2 diff --git a/roles/artemis/defaults/main.yml b/roles/artemis/defaults/main.yml index e54ebb7..c7b912a 100644 --- a/roles/artemis/defaults/main.yml +++ b/roles/artemis/defaults/main.yml @@ -9,6 +9,7 @@ artemis_server_port: 8080 install_artemis: true upgrade_artemis: false use_docker: false +artemis_node_count: 1 check_variables: true @@ -178,7 +179,7 @@ artemis_external_password_reset_link_de: "https://campus.tum.de/tumonline/ee/ui/ # url: # Define node local hazelcast_address - Uses wireguard net by default -hazelcast_address: "{% if is_multinode_install is defined and is_multinode_install|bool == true %}[{{ wireguard_interface_address }}]{% endif %}" +hazelcast_address: "{% if is_multinode_install is defined and is_multinode_install|bool == true and not use_docker%}[{{ wireguard_interface_address }}]{% endif %}" artemis_eureka_urls: "{% if registry.url is defined and registry.url is not none %}http://admin:${jhipster.registry.password}@{{ registry.url }}:8761/eureka/{% endif %}" artemis_eureka_instance_id: "{{ node_id }}" diff --git a/roles/artemis/tasks/docker_deploy_artemis.yml b/roles/artemis/tasks/docker_deploy_artemis.yml index 352a950..459100e 100644 --- a/roles/artemis/tasks/docker_deploy_artemis.yml +++ b/roles/artemis/tasks/docker_deploy_artemis.yml @@ -56,6 +56,21 @@ register: config notify: restart docker artemis +- name: Copy node env files + loop: "{{ range(1, artemis_node_count + 1) }}" + loop_control: + loop_var: docker_node_id + when: is_multinode_install + become: true + template: + src: "templates/node.env.j2" + dest: "{{ artemis_working_directory }}/node{{ docker_node_id }}.env" + owner: "{{ artemis_user_name }}" + group: "{{ artemis_user_group }}" + mode: 0660 + register: config + notify: restart docker artemis + - name: Create artemis ssh key directory become: true file: diff --git a/roles/artemis/templates/artemis-docker.sh.j2 b/roles/artemis/templates/artemis-docker.sh.j2 index 462ee99..f80d9f5 100755 --- a/roles/artemis/templates/artemis-docker.sh.j2 +++ b/roles/artemis/templates/artemis-docker.sh.j2 @@ -1,21 +1,11 @@ #!/bin/bash PROJECT_DIR="{{ artemis_working_directory }}/Artemis/docker" -{% if continuous_integration.localci is defined %} -{% if artemis_database_type == "mysql" %} -COMPOSE_FILE="test-server-mysql-localci.yml" -{% endif %} -{% if artemis_database_type == "postgresql" %} -COMPOSE_FILE="test-server-postgresql-localci.yml" -{% endif %} -{% else %} -{% if artemis_database_type == "mysql" %} -COMPOSE_FILE="test-server-mysql.yml" -{% endif %} -{% if artemis_database_type == "postgresql" %} -COMPOSE_FILE="test-server-postgresql.yml" -{% endif %} -{% endif %} +{% set default_compose_file = "test-server-" + artemis_database_type + ".yml" %} +{% set localci_compose_file = "test-server-" + artemis_database_type + "-localci.yml" %} +{% set multi_node_localci_compose_file = "test-server-multi-node-" + artemis_database_type + "-localci.yml" %} + +COMPOSE_FILE="{% if continuous_integration.localci is defined and is_multinode_install is defined %}{{ multi_node_localci_compose_file }}{% elif continuous_integration.localci is defined %}{{ localci_compose_file }}{% else %}{{ default_compose_file }}{% endif %}" ENV_FILE="{{ artemis_working_directory }}/docker.env" {% if continuous_integration.localci is defined %} export DOCKER_GROUP_ID=$(getent group docker | cut -d: -f3) diff --git a/roles/artemis/templates/artemis.env.j2 b/roles/artemis/templates/artemis.env.j2 index dd6c998..7db93a7 100644 --- a/roles/artemis/templates/artemis.env.j2 +++ b/roles/artemis/templates/artemis.env.j2 @@ -196,9 +196,13 @@ INFO_SENTRY_DSN='https://ceeb3e72ec094684aefbb132f87231f2@sentry.ase.in.tum.de/2 EUREKA_CLIENT_ENABLED='true' EUREKA_CLIENT_SERVICEURL_DEFAULTZONE='{{ artemis_eureka_urls }}' EUREKA_INSTANCE_PREFERIPADDRESS='true' +{% if hazelcast_address is defined and hazelcast_address != "" %} EUREKA_INSTANCE_IPADDRESS='{{ hazelcast_address }}' +{% endif %} EUREKA_INSTANCE_APPNAME='Artemis' +{% if artemis_eureka_instance_id is defined and artemis_eureka_instance_id != "" %} EUREKA_INSTANCE_INSTANCEID='Artemis:{{ artemis_eureka_instance_id }}' {% endif %} +{% endif %} LOGGING_FILE_NAME='{{ artemis_working_directory }}/artemis.log' MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED='true' diff --git a/roles/artemis/templates/docker.env.j2 b/roles/artemis/templates/docker.env.j2 index 775fde2..0fcb8d7 100644 --- a/roles/artemis/templates/docker.env.j2 +++ b/roles/artemis/templates/docker.env.j2 @@ -1,6 +1,13 @@ ARTEMIS_DOCKER_TAG='{{ artemis_build_version }}' ARTEMIS_SSH_KEY_PATH='{{ artemis_ssh_key_path }}' + ARTEMIS_ENV_FILE='{{ artemis_working_directory }}/artemis.env' +{% if is_multinode_install %} +{% for node_id in range(1, artemis_node_count + 1) %} +ARTEMIS_NODE_{{ node_id }}_ENV_FILE='{{ artemis_working_directory }}/node{{ node_id }}.env' +{% endfor %} +{% endif %} + ARTEMIS_VOLUME_MOUNT='{{ artemis_working_directory }}/data/artemis' ARTEMIS_LEGAL_MOUNT='{{ artemis_working_directory }}/legal' ARTEMIS_DATA_EXPORT_MOUNT='{{ artemis_working_directory }}/data-exports' @@ -8,6 +15,11 @@ ARTEMIS_DATA_EXPORT_MOUNT='{{ artemis_working_directory }}/data-exports' DATABASE_ENV_FILE='{{ artemis_working_directory }}/database.env' DATABASE_VOLUME_MOUNT='{{ artemis_working_directory }}/data/database' +# Broker & Registry vars +REGISTRY_PASSWORD='{{ artemis_jhipster_registry_password }}' +BROKER_USER='{{ broker.username }}' +BROKER_PASSWORD='{{ broker.password }}' + # Nginx vars NGINX_PROXY_SSL_CERTIFICATE_PATH='{{ proxy_ssl_certificate_path }}' NGINX_PROXY_SSL_CERTIFICATE_KEY_PATH='{{ proxy_ssl_certificate_key_path }}' diff --git a/roles/artemis/templates/node.env.j2 b/roles/artemis/templates/node.env.j2 new file mode 100644 index 0000000..6f752a7 --- /dev/null +++ b/roles/artemis/templates/node.env.j2 @@ -0,0 +1,4 @@ +SPRING_PROFILES_ACTIVE='{{ artemis_spring_profiles }}{% if docker_node_id == 1 %},scheduling{% endif %}' +EUREKA_INSTANCE_INSTANCEID='Artemis:{{ docker_node_id }}' +EUREKA_INSTANCE_HOSTNAME='artemis-app-node-{{ docker_node_id }}' +SPRING_HAZELCAST_INTERFACE='artemis-app-node-{{ docker_node_id }}' From 54dc4e7b29ffbf18384889a2812ea8afb186cf27 Mon Sep 17 00:00:00 2001 From: Timor Morrien Date: Mon, 20 Nov 2023 14:44:19 +0100 Subject: [PATCH 8/9] Add ldap-only --- roles/artemis/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/artemis/defaults/main.yml b/roles/artemis/defaults/main.yml index c7b912a..89a5919 100644 --- a/roles/artemis/defaults/main.yml +++ b/roles/artemis/defaults/main.yml @@ -198,7 +198,7 @@ artemis_eureka_instance_id: "{{ node_id }}" # Compute Spring Profiles from set variables artemis_spring_profile_env: "prod" artemis_spring_profile_user_management: "{% if user_management.jira is defined and user_management.jira is not none %},jira{% endif %}" # none HAS to be lowercase ¯\_(ツ)_/¯ -artemis_spring_profile_ldap: "{% if ldap.password is defined and ldap.password is not none %},ldap{% endif %}" +artemis_spring_profile_ldap: "{% if ldap.password is defined and ldap.password is not none %}{% if user_management.jira is defined and user_management.jira is not none %},ldap{% else %},ldap-only{% endif %}{% endif %}" artemis_spring_profile_version_control: "{% if version_control.bitbucket is defined and version_control.bitbucket is not none %},bitbucket{% elif version_control.gitlab is defined and version_control.gitlab is not none %},gitlab{% elif version_control.localvc is defined and version_control.localvc is not none %},localvc{% endif %}" artemis_spring_profile_continuous_integration: "{% if continuous_integration.bamboo is defined and continuous_integration.bamboo is not none %},bamboo{% elif continuous_integration.jenkins is defined and continuous_integration.jenkins is not none %},jenkins{% elif continuous_integration.localci is defined and continuous_integration.localci is not none %},localci{% endif %}" artemis_spring_profile_athena: "{% if athena is defined and athena is not none %},athena{% endif %}" From 94d7b2d867cabdd6d3595e4ad106aabc21a575c6 Mon Sep 17 00:00:00 2001 From: Timor Morrien Date: Mon, 27 Nov 2023 10:33:48 +0100 Subject: [PATCH 9/9] Set role names in README --- roles/artemis/README.md | 2 +- roles/pyris/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/artemis/README.md b/roles/artemis/README.md index 7cfac91..207c3b8 100644 --- a/roles/artemis/README.md +++ b/roles/artemis/README.md @@ -1,4 +1,4 @@ -Role Name +Artemis ========= This role installs artemis on a host. The role supports single node installations as well as multi node installations. diff --git a/roles/pyris/README.md b/roles/pyris/README.md index 7d064c7..17cc100 100644 --- a/roles/pyris/README.md +++ b/roles/pyris/README.md @@ -1,4 +1,4 @@ -Role Name +Pyris ========= This role installs Pyris on a host. The role supports single node installations via Docker