setup - debugged core and db setup tasks

superstes · Apr 7, 2021 · eae2850 · eae2850
1 parent c1230eb
commit eae2850
Show file tree

Hide file tree

Showing 14 changed files with 160 additions and 72 deletions.
diff --git a/setup/ansible.cfg b/setup/ansible.cfg
@@ -3,5 +3,5 @@
 
 [defaults]
 inventory = ./inventories/hosts
-roles_path = ./playbooks/roles
+roles_path = ./roles
 ansible_managed = Ansible managed - updated on %Y-%m-%d %H:%M:%S
diff --git a/setup/ga.yml b/setup/ga.yml
@@ -6,38 +6,53 @@
   vars_files:
     - "./vars/main.yml"
   tasks:
-    - name: "Adding info to password file (user {{ ga_sql_user_core }})"
-      shell: "echo '{{ ga_sql_user_core }}' >> {{ ga_sql_pwd_random_file }}"
-      when: ga_sql_pwd_core == ga_sql_pwd_random_key
+    - name: Cleaning old password file
+      file:
+        path: "{{ ga_sql_pwd_random_file }}"
+        state: absent
 
-    - name: "Generating random password for user {{ ga_sql_user_core }}"
+    - name: Generating random password for core
       set_fact:
-        ga_sql_pwd_core: "{{ lookup('password', ga_sql_pwd_random_file + ' length=20 chars=ascii_letters,digits,punctuation') }}"
+        ga_sql_pwd_core: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,punctuation length=20') }}"
+      no_log: true
       when: ga_sql_pwd_core == ga_sql_pwd_random_key
 
-    - name: "Adding info to password file (user {{ ga_sql_user_web }})"
-      shell: "echo '{{ ga_sql_user_web }}' >> {{ ga_sql_pwd_random_file }}"
-      when: ga_sql_pwd_web == ga_sql_pwd_random_key
+    - name: Adding password info for core to file
+      lineinfile:
+        line: "{{ item }}"
+        path: "{{ ga_sql_pwd_random_file }}"
+        create: yes
+        state: present
+      no_log: true
+      with_items:
+        - "{{ ga_sql_user_core }}"
+        - "{{ ga_sql_pwd_core }}"
 
-    - name: "Generating random password for user {{ ga_sql_user_web }}"
+    - name: Generating random password for web
       set_fact:
-        ga_sql_pwd_web: "{{ lookup('password', ga_sql_pwd_random_file + ' length=20 chars=ascii_letters,digits,punctuation') }}"
+        ga_sql_pwd_web: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,punctuation length=20') }}"
+      no_log: true
       when: ga_sql_pwd_web == ga_sql_pwd_random_key
 
+    - name: Adding password info for web to file
+      lineinfile:
+        line: "{{ item }}"
+        path: "{{ ga_sql_pwd_random_file }}"
+        state: present
+      no_log: true
+      with_items:
+        - "{{ ga_sql_user_web }}"
+        - "{{ ga_sql_pwd_web }}"
+
     - name: Database
-      include_role:
+      import_role:
         name: db
       when:
         - ga_sql_server == 'localhost'
         - ga_core_install or ga_web_install
         - ga_sql_install
 
     - name: GA Core
-      include_role:
+      import_role:
         name: core
       when: ga_core_install
-
-    - name: GA Web
-      include_role:
-        name: web
-      when: ga_web_install
diff --git a/setup/inventories/host_vars/localhost.yml b/setup/inventories/host_vars/localhost.yml
@@ -1,4 +1,4 @@
 ---
 
 ansible_host: 'localhost'
-ansible_connection: localhost
+ansible_connection: local
diff --git a/setup/roles/core/defaults/main.yml b/setup/roles/core/defaults/main.yml
@@ -5,4 +5,4 @@ ga_core_mods:
   - 'mysql.connector'
   - 'systemd'
 
-ga_core_path_log: "{{ path_log }}/core"
+ga_core_path_log: "{{ ga_path_log }}/core"
diff --git a/setup/roles/core/tasks/main.yml b/setup/roles/core/tasks/main.yml
@@ -2,14 +2,19 @@
 
 - name: GA | Core | Installing packages
   apt:
-    name: ['git', 'python3', 'python3-pip']
+    name: ['git', 'python3', 'python3-pip', 'python-setuptools']
+    state: present
+
+- name: GA | Core | Adding service group
+  group:
+    name: "{{ ga_service_group }}"
     state: present
 
 - name: GA | Core | Adding service user
-  ansible.builtin.user:
+  user:
     name: "{{ ga_core_service_user }}"
     shell: '/usr/sbin/nologin'
-    home: "{{ ga_home_dir }}/{{ ga_core_service_user }}"
+    home: "/home/{{ ga_core_service_user }}"
     groups: "{{ ga_service_group }}"
     append: yes
 
@@ -20,26 +25,43 @@
     owner: "{{ ga_core_service_user }}"
     group: "{{ ga_service_group }}"
     mode: 0755
+    recurse: yes
   with_items:
   - "{{ ga_core_path }}"
-  - "{{ ga_path_log }}"
+  - "{{ ga_core_path_log }}"
   - "{{ ga_core_path_venv }}"
 
+- name: GA | Core | Checking if repo was already cloned
+  stat:
+    path: "{{ setup_clone_dir }}"
+  register: tmp_clone_dir
+
 - name: GA | Core | Cloning ga code
-  ansible.builtin.git:
+  git:
     repo: 'https://github.com/superstes/growautomation.git'
-    dest: '/tmp/'
+    dest: "{{ setup_clone_dir }}"
     depth: 1
-    version: "{{ ga_version }}"
+  when: not tmp_clone_dir.stat.exists
+#    version: "{{ ga_version }}"
 
 - name: GA | Core | Copying core-code
-  ansible.builtin.copy:
-    src: '/tmp/growautomation/code/core'
-    dest: "{{ ga_core_path }}"
-    remote_src: yes
-    owner: "{{ ga_core_service_user }}"
-    group: "{{ ga_service_group }}"
-    mode: 0755
+  shell: "cp -r {{ setup_clone_dir }}/code/core {{ ga_core_path }} &&
+  chown -R {{ ga_core_service_user }}:{{ ga_service_group }} {{ ga_core_path }} &&
+  chmod 755 -R {{ ga_core_path }}"
+
+- name: GA | Core | Checking if random key file exists
+  stat:
+    path: "{{ ga_core_path }}/core/secret/random.key"
+  register: random_key_file
+
+- name: GA | Core | Generating random encryption key
+  lineinfile:
+    line: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,punctuation length=50') }}"
+    path: "{{ ga_core_path }}/core/secret/random.key"
+    state: present
+    create: yes
+  no_log: true
+  when: not random_key_file.stat.exists
 
 - name: GA | Core | Install python virtualenv
   pip:
@@ -63,5 +85,6 @@
     - 'enable_core'
 
 - name: GA | Configure device support
-  import_role: devices
+  import_role:
+    name: devices
   when: ga_core_device_support
diff --git a/setup/roles/core/templates/lib/systemd/system/ga_core.service.j2 b/setup/roles/core/templates/lib/systemd/system/ga_core.service.j2
@@ -9,17 +9,16 @@ StartLimitIntervalSec=630
 [Service]
 Type=simple
 Environment="PYTHONPATH={{ ga_core_path }}"
-Environment="PYTHONHOME={{ ga_core_path_venv }}"
-ExecStartPre=/usr/bin/python3 {{ ga_core_path }}/core/service/prestart.py
-ExecStart=/usr/bin/python3 {{ ga_core_path }}/core/service/service.py
+ExecStartPre={{ ga_core_path_venv }}/bin/python3 {{ ga_core_path }}/core/service/prestart.py
+ExecStart={{ ga_core_path_venv }}/bin/python3 {{ ga_core_path }}/core/service/service.py
 ExecReload=/bin/kill -10 $MAINPID
 User={{ ga_core_service_user }}
 Group={{ ga_core_service_user }}
 Restart=on-failure
 RestartSec=60s
 TimeoutStopSec=120s
-StandardOutput=append:{{ ga_core_path_log }}/service_output.log
-StandardError=append:{{ ga_core_path_log }}/service_error.log
+StandardOutput=append:{{ ga_core_path_log }}/service.log
+StandardError=append:{{ ga_core_path_log }}/service.log
 
 [Install]
 WantedBy=multi-user.target
diff --git a/setup/roles/db/tasks/main.yml b/setup/roles/db/tasks/main.yml
@@ -4,23 +4,27 @@
 
 - name: GA | DB | Install mariadb
   apt:
-    name: ['mariadb-server', 'mariadb-client']
+    name: ['mariadb-server', 'mariadb-client', 'python-pymysql']
     state: present
   notify: 'enable_mariadb'
 
 - name: GA | DB | Creating database
-  community.mysql.mysql_db:
+  mysql_db:
     name: "{{ ga_sql_db }}"
     state: present
     login_unix_socket: "{{ ga_sql_socket }}"
 
 - name: GA | DB | Creating users
-  community.mysql.mysql_user:
+  mysql_user:
     name: "{{ item.user }}"
     password: "{{ item.pwd }}"
     priv: "{{ ga_sql_db }}.*:ALL"
     state: present
     login_unix_socket: "{{ ga_sql_socket }}"
+    host: "{{ ga_sql_user_host }}"
+    update_password: on_create
+  no_log: true
+  ignore_errors: true  # if user already exist it will fail tue to a bug
   with_items:
     - {user: "{{ ga_sql_user_core }}", pwd: "{{ ga_sql_pwd_core }}"}
     - {user: "{{ ga_sql_user_web }}", pwd: "{{ ga_sql_pwd_web }}"}
diff --git a/setup/roles/devices/tasks/main.yml b/setup/roles/devices/tasks/main.yml
@@ -5,14 +5,15 @@
     name: "{{ ga_device_apt }}"
     state: present
 
-- name: GA | Devices | Install python modules
+- name: GA | Devices | Install python modules into venv
   pip:
     name: "{{ ga_device_pip }}"
-    executable: pip3
+    virtualenv: "{{ ga_core_path_venv }}"
+    virtualenv_python: "{{ ga_python_version }}"
     state: present
 
 - name: GA | Devices | Adding service user to groups
-  ansible.builtin.user:
+  user:
     name: "{{ ga_core_service_user }}"
     groups: "{{ ga_device_groups }}"
     append: yes

diff --git a/setup/roles/ssl_letsencrypt/tasks/domain.yml b/setup/roles/ssl_letsencrypt/tasks/domain.yml
@@ -1,7 +1,7 @@
 ---
 
 - name: GA | LetsEncrypt | Checking if key
-  ansible.builtin.stat:
+  stat:
     path: "{{ ga_ssl_path_key }}"
   register: domain_key
 

diff --git a/setup/roles/ssl_letsencrypt/tasks/domain_new.yml b/setup/roles/ssl_letsencrypt/tasks/domain_new.yml
@@ -19,7 +19,7 @@
     - apache_alias | length == 0
 
 - name: GA | LetsEncrypt | Debug => the following command will be issued
-  ansible.builtin.debug:
+  debug:
     msg: "certbot certonly --apache -{{ certbot_verbosity }} --non-interactive --agree-tos --email {{ certbot_email }} --cert-name {{ ga_web_key }}
              --rsa-key-size {{ letsencrypt_key_size }} --no-redirect --domain {{ ga_web_dns }} {{ _apache_alias }} --cert-path {{ _path_cert }}"
 

diff --git a/setup/roles/web/tasks/django.yml b/setup/roles/web/tasks/django.yml
@@ -30,7 +30,7 @@
   notify: 'restart_apache'
 
 - name: GA | Web | Django | Configuring django settings
-  ansible.builtin.lineinfile:
+  lineinfile:
     path: "{{ ga_web_path }}/base/settings.py"
     regexp: '{{ item.search }}'
     line: '{{ item.replace }}'

diff --git a/setup/roles/web/tasks/main.yml b/setup/roles/web/tasks/main.yml
@@ -1,8 +1,8 @@
 ---
 
-- name: Apache | Install apache
+- name: GA | Web | Installing packages
   apt:
-    name: 'apache2'
+    name: ['apache2', 'python-setuptools']
     state: present
   register: first_run
   notify: 'enable_apache'
@@ -18,11 +18,16 @@
     validate: 'apachectl -t -f %s'
   notify: 'restart_apache'
 
+- name: GA | Web | Adding service group
+  group:
+    name: "{{ ga_service_group }}"
+    state: present
+
 - name: GA | Web | Adding service user
-  ansible.builtin.user:
+  user:
     name: "{{ ga_web_service_user }}"
     shell: '/usr/sbin/nologin'
-    home: "{{ ga_home_dir }}/{{ ga_web_service_user }}"
+    home: "/home/{{ ga_web_service_user }}"
     groups: "{{ ga_web_groups }}"
     append: yes
 
@@ -39,16 +44,22 @@
     - "{{ ga_web_path_static }}"
     - "{{ ga_web_path_venv }}"
 
+- name: GA | Web | Checking if repo was already cloned
+  stat:
+    path: "{{ setup_clone_dir }}"
+  register: tmp_clone_dir
+
 - name: GA | Web | Cloning ga code
-  ansible.builtin.git:
+  git:
     repo: 'https://github.com/superstes/growautomation.git'
-    dest: '/tmp/'
+    dest: "{{ setup_clone_dir }}"
     depth: 1
-    version: "{{ ga_version }}"
+  when: not tmp_clone_dir.stat.exists
+#    version: "{{ ga_version }}"
 
 - name: GA | Web | Copying core-code
-  ansible.builtin.copy:
-    src: '/tmp/growautomation/code/web'
+  copy:
+    src: "{{ setup_clone_dir }}/code/web"
     dest: "{{ ga_web_path }}"
     remote_src: yes
     owner: "{{ ga_web_service_user }}"

diff --git a/setup/setup.sh b/setup/setup.sh
@@ -2,26 +2,59 @@
 
 # GrowAutomation setup script
 
+# just copy this script to the target system and execute it
+
 # written for debian/ubuntu
 # will start setup via ansible playbook
 # config changes:
 #   if you want to install it on a remote system =>
 #     1. add your target host as an ansible host under './inventories/hosts.yml' and './inventories/host_vars/$HOSTNAME.yml' (you can copy the 'tmpl' host)
-#     2. change the TARGET_HOST variable in this script (to the ansible hostname)
+#     2. run this script with the same host as argument (must be exactly the same as in the inventory)
 #   ga-settings can be changed under ./vars/main.yml (before you run the installation script)
 
+SETUP_DIR="/tmp/ga_$(date '+%Y-%m-%d')"
 
-TARGET_HOST='localhost'
+if [ -z $1 ]; then
+  TARGET_HOST='localhost'
+else
+  TARGET_HOST=$1
+fi
 
 sudo apt update
-sudo apt install software-properties-common python python3 --yes
+sudo apt install software-properties-common python python3 git --yes
 sudo apt-add-repository --yes --update ppa:ansible/ansible
 sudo apt-get install ansible --yes
-ansible-galaxy collection install -r requirements.yml
 
-if [ $TARGET_HOST != 'localhost' ]
-then
+if [ $TARGET_HOST != 'localhost' ]; then
   sudo apt install sshpass --yes
 fi
 
-ansible-playbook -K -i inventories/hosts.yml playbooks/ga.yml $TARGET_HOST
+git clone https://github.com/superstes/growautomation.git --depth 1 ${SETUP_DIR}
+cd $SETUP_DIR/setup
+ansible-galaxy collection install -r requirements.yml
+
+echo ''
+echo '###################################################################################'
+echo '##################################### WARNING #####################################'
+echo '###################################################################################'
+echo 'This is the last time you can modify the config before the installation is started.'
+echo '  You could:'
+echo '  -> send this window to the background (Ctrl+Z)'
+echo '  -> make your modifications and'
+echo '  -> bring it back to the foreground (fg).'
+echo ''
+echo '###################################### INFO #######################################'
+echo 'The following config files exist:'
+echo "  main: ${SETUP_DIR}/setup/vars/main.yml"
+echo '  remote hosts (if needed):'
+echo "    - ${SETUP_DIR}/setup/inventories/hosts.yml"
+echo "    - ${SETUP_DIR}/setup/inventories/host_vars/\$HOSTNAME.yml"
+echo ''
+echo 'Do you want to continue? (yes/any=no)'
+
+read config_done
+if [ $config_done == 'yes' ]; then
+  ansible-playbook -K -i inventories/hosts.yml ga.yml --limit ${TARGET_HOST} --extra-vars "setup_clone_dir=${SETUP_DIR}"
+else
+  echo 'User chose to stop the setup! Exiting!'
+fi