Use ansible playbook to install validata

0b21fd55 · Christophe Benz · bd0ad224 · 0b21fd55 · 0b21fd55 · 0b21fd55
Commit 0b21fd55 authored Jun 20, 2019 by Christophe Benz
13 changed files
--- a/README.md
+++ b/README.md
@@ -20,19 +20,25 @@ Configuration is done by editing environment variables of [./development/docker-

 ## Deploy to production

+### Install requirements
+
 ```bash
-git clone https://git.opendatafrance.net/validata/validata-docker.git
-cd validata-docker/production
-cp api.secrets.env.template api.secrets.env
-cp ui.secrets.env.template ui.secrets.env
+cd production
+ansible-galaxy install -r requirements.yml
 ```

-Edit `api.secrets.env` and `ui.secrets.env`. Read [validata-api](https://git.opendatafrance.net/validata/validata-api) and [validata-ui](https://git.opendatafrance.net/validata/validata-ui) documentation for more information about environment variables.
+### Install Validata on server
+
+The following depends on your server provider. Here are the instructions used by a server hosted at Scaleway:

 ```bash
-docker-compose up -d
+cd production
+export SCW_TOKEN="..." # secret from Jailbrak KeePassX passwords file
+ansible-playbook --inventory scaleway_inventory.yml --limit validata-next --user root playbooks/validata.yml
 ```

+Then copy [api.secrets.env.template](./production/api.secrets.env.template) and [ui.secrets.env.template](./production/ui.secrets.env.template) to `/etc/docker/compose/validata` on server (removing the `.template` extension), and fill-in the values. Read [validata-api](https://git.opendatafrance.net/validata/validata-api) and [validata-ui](https://git.opendatafrance.net/validata/validata-ui) documentation for more information about environment variables.
+
 ## See also

 - https://git.opendatafrance.net/validata/validata-ui

--- a/production/ansible.cfg
+++ b/production/ansible.cfg
+[defaults]
+nocows = true
--- a/production/playbooks/roles/validata/defaults/main.yml
+++ b/production/playbooks/roles/validata/defaults/main.yml
+docker_compose: /usr/local/bin/docker-compose
+docker_compose_stacks_dir: /etc/docker/compose
+
+acme_email: admin-validata@jailbreak.paris
+
+validata_docker_compose_stack_dir: "{{ docker_compose_stacks_dir }}/validata"
+validata_hostname: go-next.validata.fr
+validata_api_base_path: /api/v1
\ No newline at end of file
--- a/production/playbooks/roles/validata/tasks/main.yml
+++ b/production/playbooks/roles/validata/tasks/main.yml
+- name: Create directory to store Docker stack
+  file:
+    path: "{{ validata_docker_compose_stack_dir }}"
+    state: directory
+    mode: 0755
+
+- name: Create docker-compose stack
+  template:
+    src: docker-compose.yml.j2
+    dest: "{{ validata_docker_compose_stack_dir }}/docker-compose.yml"
+    mode: 0644
+
+- name: Create traefik config
+  template:
+    src: traefik.toml.j2
+    dest: "{{ validata_docker_compose_stack_dir }}/traefik.toml"
+    mode: 0644
+
+- name: Create api.env
+  template:
+    src: api.env.j2
+    dest: "{{ validata_docker_compose_stack_dir }}/api.env"
+    mode: 0644
+
+- name: Create ui.env
+  template:
+    src: ui.env.j2
+    dest: "{{ validata_docker_compose_stack_dir }}/ui.env"
+    mode: 0644
+
+- name: Ensure acme file exists, with right permissions
+  file:
+    path: "{{ validata_docker_compose_stack_dir }}/acme.json"
+    mode: 0600
+    state: touch
+
+- name: Create docker-compose@ systemd service
+  template:
+    src: docker-compose@.service.j2
+    dest: /etc/systemd/system/docker-compose@.service
+    mode: 0644
+
+- name: Create, enable and start systemd service based on docker-compose@
+  systemd:
+    state: restarted
+    name: docker-compose@validata.service
+    enabled: yes
+    daemon_reload: yes
--- a/production/api.env
+++ b/production/api.env
@@ -2,4 +2,4 @@ BADGE_CONFIG_URL=https://git.opendatafrance.net/validata/validata-badge/raw/mast
 LOG_LEVEL=INFO
 MATOMO_BASE_URL=https://analytics.validata.fr
 MATOMO_SITE_ID=2
-SCRIPT_NAME=/api/v1
+SCRIPT_NAME={{ validata_api_base_path }}
--- a/production/docker-compose.yml
+++ b/production/docker-compose.yml
-version: '3'
+version: "3"

 services:
  reverse-proxy:
@@ -9,27 +9,29 @@ services:
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
-      - ./traefik.toml:/traefik.toml
-      - ./acme.json:/acme.json
+      - "{{ validata_docker_compose_stack_dir }}/traefik.toml:/traefik.toml"
+      - "{{ validata_docker_compose_stack_dir }}/acme.json:/acme.json"

  api:
-    image: git.opendatafrance.net:4567/validata/validata-api:latest
+    image: git.opendatafrance.net:4567/validata/validata-api:next
    restart: always
    env_file:
      - ./api.env
      - ./api.secrets.env
    labels:
      - "traefik.enable=true"
-      - "traefik.frontend.rule=PathPrefix:/api/v1"
+      - "traefik.frontend.rule=Host:{{ validata_hostname }};PathPrefix:{{ validata_api_base_path }}"

  ui:
-    image: git.opendatafrance.net:4567/validata/validata-ui:latest
+    image: git.opendatafrance.net:4567/validata/validata-ui:next
    restart: always
    links:
      - api
+    depends_on:
+      - api
    env_file:
      - ./ui.env
      - ./ui.secrets.env
    labels:
      - "traefik.enable=true"
-      - "traefik.frontend.rule=PathPrefix:/"
+      - "traefik.frontend.rule=Host:{{ validata_hostname }}"
--- a/production/playbooks/roles/validata/templates/docker-compose@.service.j2
+++ b/production/playbooks/roles/validata/templates/docker-compose@.service.j2
+[Unit]
+Description=%i service with docker compose
+Requires=docker.service
+After=docker.service
+
+[Service]
+WorkingDirectory={{ docker_compose_stacks_dir }}/%i
+ExecStart={{ docker_compose }} up
+ExecStop={{ docker_compose }} down -v
+
+[Install]
+WantedBy=multi-user.target
+
+
+
--- a/production/traefik.toml
+++ b/production/traefik.toml
 debug = false

 logLevel = "ERROR"
-# defaultEntryPoints = ["https", "http"]
-defaultEntryPoints = ["http"]
+defaultEntryPoints = ["https", "http"]

 [entryPoints]
  [entryPoints.http]
  address = ":80"
-  #   [entryPoints.http.redirect]
-  #   entryPoint = "https"
-  #   permanent = true
-  # [entryPoints.https]
-  # address = ":443"
-  # [entryPoints.https.tls]
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+    permanent = true
+  [entryPoints.https]
+  address = ":443"
+  [entryPoints.https.tls]

 [retry]

 [docker]
 endpoint = "unix:///var/run/docker.sock"
-domain = "go-next.validata.fr"
+domain = "{{ validata_hostname }}"
 watch = true
 exposedByDefault = false

-# [acme]
-# email = "admin-validata@jailbreak.paris"
-# storage = "acme.json"
-# entryPoint = "https"
-# onHostRule = true
-# [acme.httpChallenge]
-# entryPoint = "http"
+[acme]
+email = "{{ acme_email }}"
+storage = "acme.json"
+entryPoint = "https"
+onHostRule = true
+[acme.httpChallenge]
+entryPoint = "http"
--- a/production/ui.env
+++ b/production/ui.env
-API_VALIDATE_ENDPOINT=http://api:5000/validate
+API_VALIDATE_ENDPOINT=http://api:5000{{ validata_api_base_path }}/validate
 HOMEPAGE_CONFIG_FILE=homepage_config.json.example
 LOG_LEVEL=INFO
 MATOMO_BASE_URL=https://analytics.validata.fr

--- a/production/playbooks/validata.retry
+++ b/production/playbooks/validata.retry
+51.158.107.61
--- a/production/playbooks/validata.yml
+++ b/production/playbooks/validata.yml
+- name: Install Validata via Docker
+  hosts: all
+  become: true
+  roles:
+    - geerlingguy.docker
+    - validata
\ No newline at end of file
--- a/production/requirements.yml
+++ b/production/requirements.yml
+- src: geerlingguy.docker
--- a/production/scaleway_inventory.yml
+++ b/production/scaleway_inventory.yml
+plugin: scaleway