Merge pull request #937 from dacook/uk_staging2

[Upgrade Ubuntu] uk_staging2

README.md

@@ -24,6 +24,8 @@ Other playbooks include:
 * `backup.yml` - Backup database and image files on the server to the local machine.
 * `rollback.yml` - Rollback the database and codebase to the previous version.
 * `db_transfer.yml` - Transfer the database directly from one host to another (see [Refreshing a staging server](https://github.com/openfoodfoundation/ofn-install/wiki/Refreshing-a-staging-server))
+* `setup_remote_deployment.yml` - Set up a staging server to allow remote triggering of the deploy playbook (eg from a GitHub Action)
+* and more...
 
 You may want to use the [ansible option "checkrun"](http://docs.ansible.com/playbooks_checkmode.html) to do a dry-run of the playbooks. With this option, Ansible will run the playbooks, but not actually make changes on the server.
 

ansible.cfg

@@ -4,7 +4,7 @@ inventory = ./inventory/hosts
 forks = 10
 
 callback_whitelist = profile_tasks
-
+stdout_callback=debug
 
 # Needed to resolve a problem with task output
 [ssh_connection]

inventory/group_vars/all.yml

@@ -50,18 +50,15 @@ swapfile_size: false
 
 #----------------------------------------------------------------------
 # Rails variables
-ruby_version: 3.0.3
+ruby_version: 3.1.4
 
 rbenv_extra_depends:
   - libjemalloc-dev
 
 ruby_compile_options: "--with-jemalloc"
 
 ruby_versions:
-  - version: 2.7.3
-    env:
-      RUBY_CONFIGURE_OPTS: "{{ ruby_compile_options }}"
-  - version: 3.0.3
+  - version: 3.1.4
     env:
       RUBY_CONFIGURE_OPTS: "{{ ruby_compile_options }}"
 

inventory/host_vars/staging.openfoodnetwork.org.uk/config.yml

@@ -8,13 +8,9 @@ admin_email: dev.ofnuk@gmail.com
 
 users_sysadmin:
   - "{{ core_devs }}"
-  - lindhop
   - filipe
   - konrad
   - bethan
-  - mohamed
-
-postgresql_version: 10
 
 # Enable external database access for third party integrations
 postgres_listen_addresses:

playbooks/deploy.yml

@@ -9,6 +9,9 @@
 #
 # github_key: specify a forked branch instead. Eg:
 #  -e "github_key=jibees:upgrade-node-version"
+#
+#  This playbook is copied onto staging servers with setup_remote_deployment so they can deploy to
+#  themselves. Re-run setup_remote_deployment to copy the latest from master.
 
 - name: deploy
   hosts: ofn_servers

playbooks/setup_semaphore_deployment.yml → playbooks/setup_remote_deployment.yml

@@ -1,8 +1,8 @@
 ---
-- name: setup_semaphore_deployment
+- name: setup_remote_deployment
   hosts: ofn_servers
   remote_user: "{{ user }}"
   become: yes
 
   roles:
-    - role: semaphore_deployment
+    - role: remote_deployment

roles/config/tasks/main.yml

@@ -1,4 +1,9 @@
 ---
+- name: "Set hostname"
+  hostname:
+    name: "{{ host_id }}"
+  become: yes
+
 - name: "Set journal log size limit" # to avoid hard drive filling up!
   lineinfile:
     path: /etc/systemd/journald.conf

roles/deploy/tasks/deploy.yml

@@ -11,9 +11,6 @@
     force: yes
   tags: clone
 
-- name: run preflight checks
-  include_tasks: preflight_checks.yml
-
 - name: symlink custom assets into the build
   file:
     src: "{{ item.src }}"

roles/semaphore_deployment/tasks/main.yml → roles/remote_deployment/tasks/main.yml

@@ -1,4 +1,4 @@
---- # Set up Ansible and restricted deployment user for deployment via Semaphore
+--- # Set up Ansible and restricted user for deployment via CI runner (eg GitHub Actions)
 
 - name: add ansible ppa
   apt_repository:
@@ -48,20 +48,20 @@
     owner: "{{ user }}"
     mode: 0700
 
-- name: generate semaphore key pair
-  command: "ssh-keygen -f /home/{{ user }}/keys/semaphore -t rsa -b 4096 -C semaphore -N '' "
+- name: generate deployer key pair
+  command: "ssh-keygen -f /home/{{ user }}/keys/deployer -t rsa -b 4096 -C deployer -N '' "
   args:
-    creates: "/home/{{ user }}/keys/semaphore.pub"
+    creates: "/home/{{ user }}/keys/deployer.pub"
 
 - name: copy public key
   slurp:
-    src: "/home/{{ user }}/keys/semaphore.pub"
-  register: semaphore_public_key
+    src: "/home/{{ user }}/keys/deployer.pub"
+  register: deployer_public_key
   changed_when: False
 
-- name: add semaphore public key to deployment user's authorized_keys
+- name: add deployer public key to deployment user's authorized_keys
   authorized_key:
     user: "{{ deployment_user }}"
-    key: "{{ semaphore_public_key.content | b64decode }}"
+    key: "{{ deployer_public_key.content | b64decode }}"
     state: present
     key_options: 'restrict,command="sudo /home/{{ deployment_user }}/deploy \"$SSH_ORIGINAL_COMMAND\""'

roles/shared_handlers/handlers/main.yml

@@ -2,6 +2,7 @@
 
 - name: fetch services status # into the global variable ansible_facts.services
   service_facts:
+  ignore_errors: true # Temporary work around for ansible < 2.10 (https://github.com/ansible/ansible/issues/68536)
   listen: # run if the following tasks have been notified:
     - restart sidekiq
 
@@ -25,4 +26,6 @@
     state: restarted
   become: yes
   become_user: root
-  when: ansible_facts.services['sidekiq.service']['state'] == 'running'
+  # Can't check this on Ubuntu 20 with Ansible < 2.10. So always try restarting and ignore errors.
+  # when: ansible_facts.services['sidekiq.service']['state'] == 'running' # skip if not already running during first-time setup.
+  ignore_errors: true