[tor-commits] [tor-browser-build/master] Bug 23738: add ansible scripts to deploy fpcentral

gk at torproject.org gk at torproject.org
Mon Jan 29 07:38:32 UTC 2018 

commit c9a600cc365993321a5e9fb9db71f5112b65d78c
Author: Nicolas Vigier <boklm at torproject.org>
Date:   Mon Dec 4 19:52:55 2017 +0100

    Bug 23738: add ansible scripts to deploy fpcentral
---
 tools/ansible/Makefile                                 |  3 +++
 tools/ansible/README                                   |  5 +++++
 tools/ansible/ansible-fpcentral.cfg                    |  2 ++
 tools/ansible/fpcentral.yml                            |  4 ++++
 tools/ansible/inventory                                |  3 +++
 tools/ansible/roles/fpcentral/defaults/main.yml        |  5 +++++
 tools/ansible/roles/fpcentral/tasks/main.yml           | 18 ++++++++++++++++++
 tools/ansible/roles/fpcentral/templates/fpcentral.wsgi | 14 ++++++++++++++
 8 files changed, 54 insertions(+)

diff --git a/tools/ansible/Makefile b/tools/ansible/Makefile
index eae73b5..608f932 100644
--- a/tools/ansible/Makefile
+++ b/tools/ansible/Makefile
@@ -1,2 +1,5 @@
 ansible-tbb-build:
 	ansible-playbook -i inventory tbb-build.yml
+
+fpcentral:
+	ANSIBLE_CONFIG='$(@D)/ansible-fpcentral.cfg' ansible-playbook -i inventory --ask-become-pass fpcentral.yml
diff --git a/tools/ansible/README b/tools/ansible/README
index f631b08..6b2e6a4 100644
--- a/tools/ansible/README
+++ b/tools/ansible/README
@@ -11,3 +11,8 @@ ansible-tbb-build:
   Deploy changes to the machine used by Tor Browser team members to do
   some Tor Browser builds.
 
+fpcentral:
+  Deploy fpcentral to forrestii.torproject.org. To be able to run this
+  you need to be in the fpcentral tpo ldap group. Your ldap password will
+  be asked, to sudo to the fpcentral user.
+
diff --git a/tools/ansible/ansible-fpcentral.cfg b/tools/ansible/ansible-fpcentral.cfg
new file mode 100644
index 0000000..2ee3fb4
--- /dev/null
+++ b/tools/ansible/ansible-fpcentral.cfg
@@ -0,0 +1,2 @@
+[defaults]
+allow_world_readable_tmpfiles=True
diff --git a/tools/ansible/fpcentral.yml b/tools/ansible/fpcentral.yml
new file mode 100644
index 0000000..80421a3
--- /dev/null
+++ b/tools/ansible/fpcentral.yml
@@ -0,0 +1,4 @@
+---
+- hosts: fpcentral
+  roles:
+      - role: fpcentral
diff --git a/tools/ansible/inventory b/tools/ansible/inventory
index e2597a0..32a5805 100644
--- a/tools/ansible/inventory
+++ b/tools/ansible/inventory
@@ -1,5 +1,8 @@
 build-sunet-a ansible_ssh_user=root ansible_ssh_host=build-sunet-a.torproject.net
+fpcentral ansible_become=True ansible_become_method=sudo ansible_become_user=fpcentral ansible_ssh_host=forrestii.torproject.org allow_world_readable_tmpfiles=True
 
 [tbb-build]
 build-sunet-a
 
+[fpcentral]
+fpcentral
diff --git a/tools/ansible/roles/fpcentral/defaults/main.yml b/tools/ansible/roles/fpcentral/defaults/main.yml
new file mode 100644
index 0000000..e43b348
--- /dev/null
+++ b/tools/ansible/roles/fpcentral/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+fpcentral_git_url: https://git.torproject.org/fpcentral.git
+fpcentral_git_commit: fc8fc9113e5ee2f84ce30f0b8051772dd9d75447
+fpcentral_rootdir: /srv/fpcentral.tbb.torproject.org
+fpcentral_virtualenv: "{{ fpcentral_rootdir }}/fpcentral-virtualenv"
diff --git a/tools/ansible/roles/fpcentral/tasks/main.yml b/tools/ansible/roles/fpcentral/tasks/main.yml
new file mode 100644
index 0000000..e5a4d2e
--- /dev/null
+++ b/tools/ansible/roles/fpcentral/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- name: clone fpcentral git repo
+  git: repo={{ fpcentral_git_url }} dest={{ fpcentral_rootdir }}/fpcentral
+       version={{ fpcentral_git_commit }}
+
+- name: create python3 virtual env
+  command: "python3 -mvirtualenv -p python3 {{ fpcentral_virtualenv }}"
+  args:
+    creates: "{{ fpcentral_virtualenv }}"
+
+- name: install required python modules
+  command: "{{ fpcentral_virtualenv }}/bin/pip3 install -r {{ fpcentral_rootdir }}/fpcentral/requirements.txt"
+
+- template:
+    src: fpcentral.wsgi
+    dest: "{{ fpcentral_rootdir }}/fpcentral/fpcentral.wsgi"
+    mode: 0755
+
diff --git a/tools/ansible/roles/fpcentral/templates/fpcentral.wsgi b/tools/ansible/roles/fpcentral/templates/fpcentral.wsgi
new file mode 100644
index 0000000..d4d7575
--- /dev/null
+++ b/tools/ansible/roles/fpcentral/templates/fpcentral.wsgi
@@ -0,0 +1,14 @@
+activate_this = '{{ fpcentral_virtualenv }}/bin/activate_this.py'
+with open(activate_this) as file_:
+    exec(file_.read(), dict(__file__=activate_this))
+
+import sys
+sys.path.insert(0, '{{ fpcentral_rootdir }}/fpcentral')
+import os
+os.chdir('{{ fpcentral_rootdir }}/fpcentral')
+from run import app as application
+
+# we include the fpcentral commit as a comment, to make sure the
+# fpcentral.wsgi file is modified when the commit is updated, causing
+# the process to be restarted:
+# {{ fpcentral_git_commit }}

More information about the tor-commits mailing list