commit 589dbec92e604f4d3e837a1570c9bb4308fc9c20 Author: Iain R. Learmonth irl@fsfe.org Date: Thu Oct 24 16:11:06 2019 +0100
onionoo-backends: Import Ansible playbook --- ansible/onionoo-backends.yml | 13 ++ .../roles/onionoo-backend/files/profile.onionoo | 2 + .../onionoo-backend/files/profile.onionoo-unpriv | 2 + ansible/roles/onionoo-backend/tasks/main.yml | 148 +++++++++++++++++++++ .../templates/onionoo-web.service.j2 | 6 + .../onionoo-backend/templates/onionoo.service.j2 | 9 ++ 6 files changed, 180 insertions(+)
diff --git a/ansible/onionoo-backends.yml b/ansible/onionoo-backends.yml new file mode 100644 index 0000000..c86be97 --- /dev/null +++ b/ansible/onionoo-backends.yml @@ -0,0 +1,13 @@ +--- +- hosts: onionoo-backends + vars: + onionoo_version: 7.0-1.21.0 + pre_tasks: + - name: get sudo password + local_action: shell pass Tor/sudo/onionoo + register: pass_output + changed_when: False + - name: store as ansible become password + set_fact: ansible_become_password="{{ pass_output.stdout_lines[0] }}" + roles: + - onionoo-backend diff --git a/ansible/roles/onionoo-backend/files/profile.onionoo b/ansible/roles/onionoo-backend/files/profile.onionoo new file mode 100644 index 0000000..bae510e --- /dev/null +++ b/ansible/roles/onionoo-backend/files/profile.onionoo @@ -0,0 +1,2 @@ +export XDG_RUNTIME_DIR="/run/user/1547" +export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus" diff --git a/ansible/roles/onionoo-backend/files/profile.onionoo-unpriv b/ansible/roles/onionoo-backend/files/profile.onionoo-unpriv new file mode 100644 index 0000000..c6adf1b --- /dev/null +++ b/ansible/roles/onionoo-backend/files/profile.onionoo-unpriv @@ -0,0 +1,2 @@ +export XDG_RUNTIME_DIR="/run/user/2075" +export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus" diff --git a/ansible/roles/onionoo-backend/tasks/main.yml b/ansible/roles/onionoo-backend/tasks/main.yml new file mode 100644 index 0000000..a0c76fd --- /dev/null +++ b/ansible/roles/onionoo-backend/tasks/main.yml @@ -0,0 +1,148 @@ +--- +# TODO: don't always restart +# TODO: check if the updater is running, and stop if it's ok to stop it, +# but only if needed +# TODO: --single-run if out doesn't exist +- name: set onionoo profile + copy: + src: profile.onionoo + dest: /srv/onionoo.torproject.org/home/.profile + mode: 0600 + become: yes + become_user: onionoo +- name: set onionoo-unpriv profile + copy: + src: profile.onionoo-unpriv + dest: /srv/onionoo.torproject.org/home-unpriv/.profile + mode: 0600 + become: yes + become_user: onionoo-unpriv +- name: check onionoo service status + systemd: + scope: user + name: onionoo + register: onionoo_service + become: yes + become_user: onionoo +- name: debug + debug: + var: onionoo_service +- name: assert that updater service is stopped + assert: + that: onionoo_service.status.ActiveState != "active" +- name: check for latest jar + stat: + path: "/srv/onionoo.torproject.org/onionoo/onionoo-{{ onionoo_version }}.jar" + register: jar_stat +- name: check for latest war + stat: + path: "/srv/onionoo.torproject.org/onionoo/onionoo-{{ onionoo_version }}.war" + register: war_stat +- name: download latest release + get_url: + url: https://dist.torproject.org/onionoo/%7B%7B onionoo_version }}/onionoo-{{ onionoo_version }}.tar.gz + dest: "/srv/onionoo.torproject.org/home/onionoo-{{ onionoo_version }}.tar.gz" + become: true + become_user: onionoo + when: jar_stat.stat.exists == False or war_stat.stat.exists == False +- name: create temp directory + tempfile: + state: directory + register: onionoo_unpack + become: true + become_user: onionoo + when: jar_stat.stat.exists == False or war_stat.stat.exists == False +- name: unpack onionoo release + unarchive: + remote_src: true + src: "/srv/onionoo.torproject.org/home/onionoo-{{ onionoo_version }}.tar.gz" + dest: "{{ onionoo_unpack.path }}/" + become: true + become_user: onionoo + when: jar_stat.stat.exists == False or war_stat.stat.exists == False +- name: copy jar file + copy: + remote_src: true + src: "{{ onionoo_unpack.path }}/onionoo-{{ onionoo_version }}/generated/dist/onionoo-{{ onionoo_version }}.jar" + dest: "/srv/onionoo.torproject.org/onionoo/" + become: true + become_user: onionoo + when: jar_stat.stat.exists == False +- name: copy war file + copy: + remote_src: true + src: "{{ onionoo_unpack.path }}/onionoo-{{ onionoo_version }}/generated/dist/onionoo-{{ onionoo_version }}.war" + dest: "/srv/onionoo.torproject.org/onionoo/" + become: true + become_user: onionoo + when: war_stat.stat.exists == False +- name: delete temporary directory + file: + path: "{{ onionoo_unpack.path }}" + state: absent + become: true + become_user: onionoo + when: jar_stat.stat.exists == False or war_stat.stat.exists == False +- name: create web logs directory + file: + path: /srv/onionoo.torproject.org/home-unpriv/web-logs + state: directory + become: true + become_user: onionoo-unpriv +- name: link web logs directory + file: + path: /srv/onionoo.torproject.org/onionoo/web-logs + src: /srv/onionoo.torproject.org/home-unpriv/web-logs + state: link + become: true + become_user: onionoo +- name: create systemd user directory for onionoo + file: + path: /srv/onionoo.torproject.org/home/.config/systemd/user + state: directory + become: true + become_user: onionoo +- name: create systemd user directory for onionoo-unpriv + file: + path: /srv/onionoo.torproject.org/home-unpriv/.config/systemd/user + state: directory + become: true + become_user: onionoo-unpriv +- name: install oninooo updater service file + template: + src: onionoo.service.j2 + dest: "/srv/onionoo.torproject.org/home/.config/systemd/user/onionoo.service" + become: true + become_user: onionoo +- name: reload systemd daemon + systemd: + scope: user + daemon_reload: yes + become: true + become_user: onionoo +- name: install oninooo web server service file + template: + src: onionoo-web.service.j2 + dest: "/srv/onionoo.torproject.org/home-unpriv/.config/systemd/user/onionoo-web.service" + become: true + become_user: onionoo-unpriv +- name: reload systemd daemon + systemd: + scope: user + daemon_reload: yes + become: true + become_user: onionoo-unpriv +- name: start onionoo service + systemd: + scope: user + name: onionoo + state: started + become: yes + become_user: onionoo +- name: restart onionoo web service status + systemd: + scope: user + name: onionoo-web + state: restarted + become: yes + become_user: onionoo-unpriv diff --git a/ansible/roles/onionoo-backend/templates/onionoo-web.service.j2 b/ansible/roles/onionoo-backend/templates/onionoo-web.service.j2 new file mode 100644 index 0000000..affab11 --- /dev/null +++ b/ansible/roles/onionoo-backend/templates/onionoo-web.service.j2 @@ -0,0 +1,6 @@ +[Unit] +Description=Onionoo Web Server + +[Service] +WorkingDirectory=/srv/onionoo.torproject.org/onionoo +ExecStart=java -Xmx2g -DLOGBASE=web-logs -jar onionoo-{{ onionoo_version }}.war diff --git a/ansible/roles/onionoo-backend/templates/onionoo.service.j2 b/ansible/roles/onionoo-backend/templates/onionoo.service.j2 new file mode 100644 index 0000000..19f40a1 --- /dev/null +++ b/ansible/roles/onionoo-backend/templates/onionoo.service.j2 @@ -0,0 +1,9 @@ +[Unit] +Description=Onionoo Updater + +[Service] +WorkingDirectory=/srv/onionoo.torproject.org/onionoo +ExecStart=java -Xmx4g -Dsun.net.client.defaultConnectTimeout=60000 \ + -Dsun.net.client.defaultReadTimeout=60000 -DLOGBASE=logs \ + -cp onionoo-{{ onionoo_version }}.jar \ + org.torproject.metrics.onionoo.cron.Main