setup - implemented setup dependencies

superstes · Oct 25, 2021 · d8c0f4f · d8c0f4f
1 parent 18f52b8
commit d8c0f4f
Show file tree

Hide file tree

Showing 11 changed files with 75 additions and 8 deletions.
diff --git a/code/requirements.txt b/code/requirements.txt
@@ -16,6 +16,7 @@
       django-bootstrap4
       django-bootstrap-datepicker-plus
       django-user-agents
+      requests
 
 #   input devices (sensors)
       adafruit-circuitpython-dht

diff --git a/setup/roles/core/tasks/main.yml b/setup/roles/core/tasks/main.yml
@@ -2,7 +2,7 @@
 
 - name: GA | Core | Installing packages
   apt:
-    name: ['git', 'python3', 'python3-pip', 'python-setuptools']
+    name: ['git', 'python3', 'python3-pip']
     state: present
 
 - name: GA | Core | Setting system timezone
@@ -79,7 +79,7 @@
 
 - name: GA | Core | Adding core config file
   template:
-    src: "templates/var/lib/ga/core/config/file/core.conf.j2"
+    src: 'templates/var/lib/ga/core/config/file/core.conf.j2'
     dest: "{{ ga_core_path }}/core/config/file/core.conf"
     mode: 0600
     owner: "{{ ga_core_service_user }}"
@@ -100,8 +100,11 @@
 
 - name: GA | Core | Adding core service file
   template:
-    src: "templates/lib/systemd/system/ga_core.service.j2"
-    dest: "/lib/systemd/system/ga_core.service"
+    src: 'templates/lib/systemd/system/ga_core.service.j2'
+    dest: '/lib/systemd/system/ga_core.service'
+
+- name: GA | Core | Configuring update prerequisits
+  import_tasks: update.yml
 
 - name: GA | Core | Reloading systemd
   systemd:

diff --git a/setup/roles/core/tasks/update.yml b/setup/roles/core/tasks/update.yml
@@ -0,0 +1,34 @@
+---
+
+- name: GA | Core | Update | Creating directory
+  file:
+    path: "{{ ga_update_path }}"
+    state: directory
+    owner: "{{ ga_update_service_user }}"
+    group: "{{ ga_update_service_user }}"
+    mode: 0755
+
+- name: GA | Core | Update | Adding update service file
+  template:
+    src: 'templates/lib/systemd/system/ga_update.service.j2'
+    dest: '/lib/systemd/system/ga_update.service'
+
+- name: GA | Core | Update | Copying update-code
+  shell: "cp -r {{ setup_clone_dir }}/code/update/* {{ ga_update_path }} &&
+  chown -R {{ ga_update_service_user }}:{{ ga_update_service_user }} {{ ga_update_path }} &&
+  chmod -R 750 {{ ga_update_path }}"
+
+- name: GA | Core | Update | Adding service user
+  user:
+    name: "{{ ga_update_service_user }}"
+    shell: '/usr/sbin/nologin'
+    home: "/home/{{ ga_update_service_user }}"
+
+- name: GA | Core | Update | Adding privileges
+  template:
+    src: 'templates/etc/sudoers.d/gaupdate.j2'
+    dest: '/etc/sudoers.d/gaupdate'
+    owner: 'root'
+    group: 'root'
+    mode: 0440
+    validate: "/usr/sbin/visudo -cf %s"
diff --git a/setup/roles/core/templates/etc/sudoers.d/gaupdate.j2 b/setup/roles/core/templates/etc/sudoers.d/gaupdate.j2
@@ -0,0 +1,5 @@
+Cmnd_Alias GA_UPDATE = \
+  /usr/bin/python3 {{ ga_update_path }}/main.py, \
+  /bin/bash {{ ga_update_path }}/prestart.sh
+
+{{ ga_update_service_user }} ALL=(ALL) NOPASSWD: ALL
diff --git a/setup/roles/core/templates/lib/systemd/system/ga_core.service.j2 b/setup/roles/core/templates/lib/systemd/system/ga_core.service.j2
@@ -16,8 +16,9 @@ Group={{ ga_core_service_user }}
 Restart=on-failure
 RestartSec=60s
 TimeoutStopSec=120s
-StandardOutput=append:{{ ga_core_path_log }}/service.log
-StandardError=append:{{ ga_core_path_log }}/service.log
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=ga_core
 
 Environment="PYTHONPATH={{ ga_core_path }}"
 Environment="PYTHONUNBUFFERED=1"

diff --git a/setup/roles/core/templates/lib/systemd/system/ga_update.service.j2 b/setup/roles/core/templates/lib/systemd/system/ga_update.service.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=GrowAutomation Update Service
+Documentation=https://docs.growautomation.eu
+Documentation=https://github.com/superstes/growautomation
+After=mariadb.service
+
+[Service]
+Type=oneshot
+ExecStartPre=/usr/bin/sudo /bin/bash {{ ga_update_path }}/prestart.sh
+ExecStart=/usr/bin/sudo /usr/bin/python3 {{ ga_update_path }}/main.py
+User={{ ga_update_service_user }}
+Group={{ ga_update_service_user }}
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=ga_update
+
+Environment="PYTHONUNBUFFERED=1"
diff --git a/setup/roles/db/tasks/main.yml b/setup/roles/db/tasks/main.yml
@@ -4,7 +4,7 @@
 
 - name: GA | DB | Install mariadb
   apt:
-    name: ['mariadb-server', 'mariadb-client', 'python-pymysql']
+    name: ['mariadb-server', 'mariadb-client', 'python3-pymysql']
     state: present
   notify: 'enable_mariadb'
 

diff --git a/setup/roles/web/defaults/main.yml b/setup/roles/web/defaults/main.yml
@@ -24,6 +24,7 @@ ga_django_mods:
   - 'ua-parser'
   - 'user-agents'
   - 'django-user-agents'
+  - 'requests'
 
 ga_apache_config_additions:
   ServerTokens: 'Prod'

diff --git a/setup/roles/web/tasks/main.yml b/setup/roles/web/tasks/main.yml
@@ -2,7 +2,7 @@
 
 - name: GA | Web | Installing packages
   apt:
-    name: ['apache2', 'python-setuptools', 'python3-pip', 'libapache2-mod-wsgi-py3']
+    name: ['apache2', 'python3-pip', 'libapache2-mod-wsgi-py3']
     state: present
   notify: 'enable_apache'
 

diff --git a/setup/roles/web/templates/etc/sudoers.d/gaweb.j2 b/setup/roles/web/templates/etc/sudoers.d/gaweb.j2
@@ -9,6 +9,7 @@ Cmnd_Alias GA_WEB = \
   /bin/systemctl reload ga_core.service, \
   /bin/systemctl restart ga_core.service, \
   /bin/systemctl stop ga_core.service , \
+  /bin/systemctl start ga_update.service, \
   /bin/systemctl reload ga_web_certRenewal.service, \
   /bin/systemctl restart ga_web_certRenewal.service, \
   /bin/systemctl stop ga_web_certRenewal.service

diff --git a/setup/vars/main.yml b/setup/vars/main.yml
@@ -84,3 +84,7 @@ ga_sql_pwd_web: "{{ lookup('password', '/dev/null chars=ascii_letters,digits len
   # random passwords can be found in the 'ga_random_pwd_file' file
 ga_sql_db: 'ga'
 ga_sql_socket: '/var/run/mysqld/mysqld.sock'  # socket used to locally connect to database
+
+# update
+ga_update_path: '/var/lib/ga_update'  # DO NOT CHANGE!
+ga_update_service_user: 'ga_update'