[tor-commits] [metrics-cloud/master] onionoo-backends: Import Ansible playbook
irl at torproject.org
irl at torproject.org
Thu Oct 24 15:11:17 UTC 2019
commit 589dbec92e604f4d3e837a1570c9bb4308fc9c20
Author: Iain R. Learmonth <irl at fsfe.org>
Date: Thu Oct 24 16:11:06 2019 +0100
onionoo-backends: Import Ansible playbook
---
ansible/onionoo-backends.yml | 13 ++
.../roles/onionoo-backend/files/profile.onionoo | 2 +
.../onionoo-backend/files/profile.onionoo-unpriv | 2 +
ansible/roles/onionoo-backend/tasks/main.yml | 148 +++++++++++++++++++++
.../templates/onionoo-web.service.j2 | 6 +
.../onionoo-backend/templates/onionoo.service.j2 | 9 ++
6 files changed, 180 insertions(+)
diff --git a/ansible/onionoo-backends.yml b/ansible/onionoo-backends.yml
new file mode 100644
index 0000000..c86be97
--- /dev/null
+++ b/ansible/onionoo-backends.yml
@@ -0,0 +1,13 @@
+---
+- hosts: onionoo-backends
+ vars:
+ onionoo_version: 7.0-1.21.0
+ pre_tasks:
+ - name: get sudo password
+ local_action: shell pass Tor/sudo/onionoo
+ register: pass_output
+ changed_when: False
+ - name: store as ansible become password
+ set_fact: ansible_become_password="{{ pass_output.stdout_lines[0] }}"
+ roles:
+ - onionoo-backend
diff --git a/ansible/roles/onionoo-backend/files/profile.onionoo b/ansible/roles/onionoo-backend/files/profile.onionoo
new file mode 100644
index 0000000..bae510e
--- /dev/null
+++ b/ansible/roles/onionoo-backend/files/profile.onionoo
@@ -0,0 +1,2 @@
+export XDG_RUNTIME_DIR="/run/user/1547"
+export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
diff --git a/ansible/roles/onionoo-backend/files/profile.onionoo-unpriv b/ansible/roles/onionoo-backend/files/profile.onionoo-unpriv
new file mode 100644
index 0000000..c6adf1b
--- /dev/null
+++ b/ansible/roles/onionoo-backend/files/profile.onionoo-unpriv
@@ -0,0 +1,2 @@
+export XDG_RUNTIME_DIR="/run/user/2075"
+export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
diff --git a/ansible/roles/onionoo-backend/tasks/main.yml b/ansible/roles/onionoo-backend/tasks/main.yml
new file mode 100644
index 0000000..a0c76fd
--- /dev/null
+++ b/ansible/roles/onionoo-backend/tasks/main.yml
@@ -0,0 +1,148 @@
+---
+# TODO: don't always restart
+# TODO: check if the updater is running, and stop if it's ok to stop it,
+# but only if needed
+# TODO: --single-run if out doesn't exist
+- name: set onionoo profile
+ copy:
+ src: profile.onionoo
+ dest: /srv/onionoo.torproject.org/home/.profile
+ mode: 0600
+ become: yes
+ become_user: onionoo
+- name: set onionoo-unpriv profile
+ copy:
+ src: profile.onionoo-unpriv
+ dest: /srv/onionoo.torproject.org/home-unpriv/.profile
+ mode: 0600
+ become: yes
+ become_user: onionoo-unpriv
+- name: check onionoo service status
+ systemd:
+ scope: user
+ name: onionoo
+ register: onionoo_service
+ become: yes
+ become_user: onionoo
+- name: debug
+ debug:
+ var: onionoo_service
+- name: assert that updater service is stopped
+ assert:
+ that: onionoo_service.status.ActiveState != "active"
+- name: check for latest jar
+ stat:
+ path: "/srv/onionoo.torproject.org/onionoo/onionoo-{{ onionoo_version }}.jar"
+ register: jar_stat
+- name: check for latest war
+ stat:
+ path: "/srv/onionoo.torproject.org/onionoo/onionoo-{{ onionoo_version }}.war"
+ register: war_stat
+- name: download latest release
+ get_url:
+ url: https://dist.torproject.org/onionoo/{{ onionoo_version }}/onionoo-{{ onionoo_version }}.tar.gz
+ dest: "/srv/onionoo.torproject.org/home/onionoo-{{ onionoo_version }}.tar.gz"
+ become: true
+ become_user: onionoo
+ when: jar_stat.stat.exists == False or war_stat.stat.exists == False
+- name: create temp directory
+ tempfile:
+ state: directory
+ register: onionoo_unpack
+ become: true
+ become_user: onionoo
+ when: jar_stat.stat.exists == False or war_stat.stat.exists == False
+- name: unpack onionoo release
+ unarchive:
+ remote_src: true
+ src: "/srv/onionoo.torproject.org/home/onionoo-{{ onionoo_version }}.tar.gz"
+ dest: "{{ onionoo_unpack.path }}/"
+ become: true
+ become_user: onionoo
+ when: jar_stat.stat.exists == False or war_stat.stat.exists == False
+- name: copy jar file
+ copy:
+ remote_src: true
+ src: "{{ onionoo_unpack.path }}/onionoo-{{ onionoo_version }}/generated/dist/onionoo-{{ onionoo_version }}.jar"
+ dest: "/srv/onionoo.torproject.org/onionoo/"
+ become: true
+ become_user: onionoo
+ when: jar_stat.stat.exists == False
+- name: copy war file
+ copy:
+ remote_src: true
+ src: "{{ onionoo_unpack.path }}/onionoo-{{ onionoo_version }}/generated/dist/onionoo-{{ onionoo_version }}.war"
+ dest: "/srv/onionoo.torproject.org/onionoo/"
+ become: true
+ become_user: onionoo
+ when: war_stat.stat.exists == False
+- name: delete temporary directory
+ file:
+ path: "{{ onionoo_unpack.path }}"
+ state: absent
+ become: true
+ become_user: onionoo
+ when: jar_stat.stat.exists == False or war_stat.stat.exists == False
+- name: create web logs directory
+ file:
+ path: /srv/onionoo.torproject.org/home-unpriv/web-logs
+ state: directory
+ become: true
+ become_user: onionoo-unpriv
+- name: link web logs directory
+ file:
+ path: /srv/onionoo.torproject.org/onionoo/web-logs
+ src: /srv/onionoo.torproject.org/home-unpriv/web-logs
+ state: link
+ become: true
+ become_user: onionoo
+- name: create systemd user directory for onionoo
+ file:
+ path: /srv/onionoo.torproject.org/home/.config/systemd/user
+ state: directory
+ become: true
+ become_user: onionoo
+- name: create systemd user directory for onionoo-unpriv
+ file:
+ path: /srv/onionoo.torproject.org/home-unpriv/.config/systemd/user
+ state: directory
+ become: true
+ become_user: onionoo-unpriv
+- name: install oninooo updater service file
+ template:
+ src: onionoo.service.j2
+ dest: "/srv/onionoo.torproject.org/home/.config/systemd/user/onionoo.service"
+ become: true
+ become_user: onionoo
+- name: reload systemd daemon
+ systemd:
+ scope: user
+ daemon_reload: yes
+ become: true
+ become_user: onionoo
+- name: install oninooo web server service file
+ template:
+ src: onionoo-web.service.j2
+ dest: "/srv/onionoo.torproject.org/home-unpriv/.config/systemd/user/onionoo-web.service"
+ become: true
+ become_user: onionoo-unpriv
+- name: reload systemd daemon
+ systemd:
+ scope: user
+ daemon_reload: yes
+ become: true
+ become_user: onionoo-unpriv
+- name: start onionoo service
+ systemd:
+ scope: user
+ name: onionoo
+ state: started
+ become: yes
+ become_user: onionoo
+- name: restart onionoo web service status
+ systemd:
+ scope: user
+ name: onionoo-web
+ state: restarted
+ become: yes
+ become_user: onionoo-unpriv
diff --git a/ansible/roles/onionoo-backend/templates/onionoo-web.service.j2 b/ansible/roles/onionoo-backend/templates/onionoo-web.service.j2
new file mode 100644
index 0000000..affab11
--- /dev/null
+++ b/ansible/roles/onionoo-backend/templates/onionoo-web.service.j2
@@ -0,0 +1,6 @@
+[Unit]
+Description=Onionoo Web Server
+
+[Service]
+WorkingDirectory=/srv/onionoo.torproject.org/onionoo
+ExecStart=java -Xmx2g -DLOGBASE=web-logs -jar onionoo-{{ onionoo_version }}.war
diff --git a/ansible/roles/onionoo-backend/templates/onionoo.service.j2 b/ansible/roles/onionoo-backend/templates/onionoo.service.j2
new file mode 100644
index 0000000..19f40a1
--- /dev/null
+++ b/ansible/roles/onionoo-backend/templates/onionoo.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Onionoo Updater
+
+[Service]
+WorkingDirectory=/srv/onionoo.torproject.org/onionoo
+ExecStart=java -Xmx4g -Dsun.net.client.defaultConnectTimeout=60000 \
+ -Dsun.net.client.defaultReadTimeout=60000 -DLOGBASE=logs \
+ -cp onionoo-{{ onionoo_version }}.jar \
+ org.torproject.metrics.onionoo.cron.Main
More information about the tor-commits
mailing list