[tor-commits] [metrics-cloud/master] onionoo-backends: Import Ansible playbook

irl at torproject.org irl at torproject.org
Thu Oct 24 15:11:17 UTC 2019


commit 589dbec92e604f4d3e837a1570c9bb4308fc9c20
Author: Iain R. Learmonth <irl at fsfe.org>
Date:   Thu Oct 24 16:11:06 2019 +0100

    onionoo-backends: Import Ansible playbook
---
 ansible/onionoo-backends.yml                       |  13 ++
 .../roles/onionoo-backend/files/profile.onionoo    |   2 +
 .../onionoo-backend/files/profile.onionoo-unpriv   |   2 +
 ansible/roles/onionoo-backend/tasks/main.yml       | 148 +++++++++++++++++++++
 .../templates/onionoo-web.service.j2               |   6 +
 .../onionoo-backend/templates/onionoo.service.j2   |   9 ++
 6 files changed, 180 insertions(+)

diff --git a/ansible/onionoo-backends.yml b/ansible/onionoo-backends.yml
new file mode 100644
index 0000000..c86be97
--- /dev/null
+++ b/ansible/onionoo-backends.yml
@@ -0,0 +1,13 @@
+---
+- hosts: onionoo-backends
+  vars:
+    onionoo_version: 7.0-1.21.0
+  pre_tasks:
+    - name: get sudo password
+      local_action: shell pass Tor/sudo/onionoo
+      register: pass_output
+      changed_when: False
+    - name: store as ansible become password
+      set_fact: ansible_become_password="{{ pass_output.stdout_lines[0] }}"
+  roles:
+    - onionoo-backend
diff --git a/ansible/roles/onionoo-backend/files/profile.onionoo b/ansible/roles/onionoo-backend/files/profile.onionoo
new file mode 100644
index 0000000..bae510e
--- /dev/null
+++ b/ansible/roles/onionoo-backend/files/profile.onionoo
@@ -0,0 +1,2 @@
+export XDG_RUNTIME_DIR="/run/user/1547"
+export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
diff --git a/ansible/roles/onionoo-backend/files/profile.onionoo-unpriv b/ansible/roles/onionoo-backend/files/profile.onionoo-unpriv
new file mode 100644
index 0000000..c6adf1b
--- /dev/null
+++ b/ansible/roles/onionoo-backend/files/profile.onionoo-unpriv
@@ -0,0 +1,2 @@
+export XDG_RUNTIME_DIR="/run/user/2075"
+export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
diff --git a/ansible/roles/onionoo-backend/tasks/main.yml b/ansible/roles/onionoo-backend/tasks/main.yml
new file mode 100644
index 0000000..a0c76fd
--- /dev/null
+++ b/ansible/roles/onionoo-backend/tasks/main.yml
@@ -0,0 +1,148 @@
+---
+# TODO: don't always restart
+# TODO: check if the updater is running, and stop if it's ok to stop it,
+#       but only if needed
+# TODO: --single-run if out doesn't exist
+- name: set onionoo profile
+  copy:
+    src: profile.onionoo
+    dest: /srv/onionoo.torproject.org/home/.profile
+    mode: 0600
+  become: yes
+  become_user: onionoo
+- name: set onionoo-unpriv profile
+  copy:
+    src: profile.onionoo-unpriv
+    dest: /srv/onionoo.torproject.org/home-unpriv/.profile
+    mode: 0600
+  become: yes
+  become_user: onionoo-unpriv
+- name: check onionoo service status
+  systemd:
+    scope: user
+    name: onionoo
+  register: onionoo_service
+  become: yes
+  become_user: onionoo
+- name: debug
+  debug:
+    var: onionoo_service
+- name: assert that updater service is stopped
+  assert:
+    that: onionoo_service.status.ActiveState != "active"
+- name: check for latest jar
+  stat:
+    path: "/srv/onionoo.torproject.org/onionoo/onionoo-{{ onionoo_version }}.jar"
+  register: jar_stat
+- name: check for latest war
+  stat:
+    path: "/srv/onionoo.torproject.org/onionoo/onionoo-{{ onionoo_version }}.war"
+  register: war_stat
+- name: download latest release
+  get_url:
+    url: https://dist.torproject.org/onionoo/{{ onionoo_version }}/onionoo-{{ onionoo_version }}.tar.gz
+    dest: "/srv/onionoo.torproject.org/home/onionoo-{{ onionoo_version }}.tar.gz"
+  become: true
+  become_user: onionoo
+  when: jar_stat.stat.exists == False or war_stat.stat.exists == False
+- name: create temp directory
+  tempfile:
+    state: directory
+  register: onionoo_unpack
+  become: true
+  become_user: onionoo
+  when: jar_stat.stat.exists == False or war_stat.stat.exists == False
+- name: unpack onionoo release
+  unarchive:
+    remote_src: true
+    src: "/srv/onionoo.torproject.org/home/onionoo-{{ onionoo_version }}.tar.gz"
+    dest: "{{ onionoo_unpack.path }}/"
+  become: true
+  become_user: onionoo
+  when: jar_stat.stat.exists == False or war_stat.stat.exists == False
+- name: copy jar file
+  copy:
+    remote_src: true
+    src: "{{ onionoo_unpack.path }}/onionoo-{{ onionoo_version }}/generated/dist/onionoo-{{ onionoo_version }}.jar"
+    dest: "/srv/onionoo.torproject.org/onionoo/"
+  become: true
+  become_user: onionoo
+  when: jar_stat.stat.exists == False
+- name: copy war file
+  copy:
+    remote_src: true
+    src: "{{ onionoo_unpack.path }}/onionoo-{{ onionoo_version }}/generated/dist/onionoo-{{ onionoo_version }}.war"
+    dest: "/srv/onionoo.torproject.org/onionoo/"
+  become: true
+  become_user: onionoo
+  when: war_stat.stat.exists == False
+- name: delete temporary directory
+  file:
+    path: "{{ onionoo_unpack.path }}"
+    state: absent
+  become: true
+  become_user: onionoo
+  when: jar_stat.stat.exists == False or war_stat.stat.exists == False
+- name: create web logs directory
+  file:
+    path: /srv/onionoo.torproject.org/home-unpriv/web-logs
+    state: directory
+  become: true
+  become_user: onionoo-unpriv
+- name: link web logs directory
+  file:
+    path: /srv/onionoo.torproject.org/onionoo/web-logs
+    src: /srv/onionoo.torproject.org/home-unpriv/web-logs
+    state: link
+  become: true
+  become_user: onionoo
+- name: create systemd user directory for onionoo
+  file:
+    path: /srv/onionoo.torproject.org/home/.config/systemd/user
+    state: directory
+  become: true
+  become_user: onionoo
+- name: create systemd user directory for onionoo-unpriv
+  file:
+    path: /srv/onionoo.torproject.org/home-unpriv/.config/systemd/user
+    state: directory
+  become: true
+  become_user: onionoo-unpriv
+- name: install oninooo updater service file
+  template:
+    src: onionoo.service.j2
+    dest: "/srv/onionoo.torproject.org/home/.config/systemd/user/onionoo.service"
+  become: true
+  become_user: onionoo
+- name: reload systemd daemon
+  systemd:
+    scope: user
+    daemon_reload: yes
+  become: true
+  become_user: onionoo
+- name: install oninooo web server service file
+  template:
+    src: onionoo-web.service.j2
+    dest: "/srv/onionoo.torproject.org/home-unpriv/.config/systemd/user/onionoo-web.service"
+  become: true
+  become_user: onionoo-unpriv
+- name: reload systemd daemon
+  systemd:
+    scope: user
+    daemon_reload: yes
+  become: true
+  become_user: onionoo-unpriv
+- name: start onionoo service
+  systemd:
+    scope: user
+    name: onionoo
+    state: started
+  become: yes
+  become_user: onionoo
+- name: restart onionoo web service status
+  systemd:
+    scope: user
+    name: onionoo-web
+    state: restarted
+  become: yes
+  become_user: onionoo-unpriv
diff --git a/ansible/roles/onionoo-backend/templates/onionoo-web.service.j2 b/ansible/roles/onionoo-backend/templates/onionoo-web.service.j2
new file mode 100644
index 0000000..affab11
--- /dev/null
+++ b/ansible/roles/onionoo-backend/templates/onionoo-web.service.j2
@@ -0,0 +1,6 @@
+[Unit]
+Description=Onionoo Web Server
+
+[Service]
+WorkingDirectory=/srv/onionoo.torproject.org/onionoo
+ExecStart=java -Xmx2g -DLOGBASE=web-logs -jar onionoo-{{ onionoo_version }}.war
diff --git a/ansible/roles/onionoo-backend/templates/onionoo.service.j2 b/ansible/roles/onionoo-backend/templates/onionoo.service.j2
new file mode 100644
index 0000000..19f40a1
--- /dev/null
+++ b/ansible/roles/onionoo-backend/templates/onionoo.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Onionoo Updater
+
+[Service]
+WorkingDirectory=/srv/onionoo.torproject.org/onionoo
+ExecStart=java -Xmx4g -Dsun.net.client.defaultConnectTimeout=60000 \
+              -Dsun.net.client.defaultReadTimeout=60000 -DLOGBASE=logs \
+              -cp onionoo-{{ onionoo_version }}.jar \
+              org.torproject.metrics.onionoo.cron.Main



More information about the tor-commits mailing list