Update vremodeler roles for production and add vremodeler_d4research group_vars

2024-01-30 17:35:59 +01:00 · 2024-01-30 17:35:59 +01:00 · 8fa6695b5d
parent 92940d6be1
commit 8fa6695b5d
6 changed files with 131 additions and 20 deletions
--- a/group_vars/vremodeler_d4research/vremodeler_d4research.yml
+++ b/group_vars/vremodeler_d4research/vremodeler_d4research.yml
@ -0,0 +1,8 @@
+start_scopes: D4Research
+complete_start_scope: /d4science.research-infrastructures.eu/D4Research
+gcore_host: vremodeler-d4research.cloud.d4science.org
+vremodeler_docker_stack_name: gcore-d4research
+vremodeler_docker_service_server_name: vremodeler
+infrastructure: d4science.research-infrastructures.eu
+infra: prod
+nfs_server_ip: 192.168.4.10
--- a/inventory/hosts.vremodeler_d4research
+++ b/inventory/hosts.vremodeler_d4research
@ -0,0 +1,2 @@
+[vremodeler_d4research]
+10.1.40.31
--- a/resource-manager-restore-state.yml
+++ b/resource-manager-restore-state.yml
@ -1,4 +1,81 @@
 ---
+- name: Set up global facts
+  gather_facts: true
+  hosts: localhost
+  become: false
+  tasks:
+    - ansible.builtin.set_fact:
+        vo: d4research
+        service: resource_manager
+
+
+- name: Gracefully stop the running RM container
+  hosts: all
+  vars:
+    vo: "{{ hostvars.localhost.vo }}"
+    service: "{{ hostvars.localhost.service }}"
+  tasks:
+    - ansible.builtin.debug:
+        var: groups
+    - name: Retrieve Docker container id of the RM
+      ansible.builtin.command: "sudo docker service ps --no-trunc --format '{{ '{{' }}json .{{ '}}' }}' -f desired-state=shutdown gcore-{{ vo }}_{{ service | replace('_','-') }}"
+      register: service_info 
+
+- name: Parse results and store 
+  hosts: localhost
+  gather_facts: false
+  become: false
+  tags: info
+  tasks:
+    - name: retrieve previous variable
+      ansible.builtin.set_fact:
+        # var: "hostvars['resource_manager_{{ vo }}']['service_info']"
+        service_tasks_str: "{{ hostvars['10.1.40.31']['service_info'].stdout }}"
+    - name: create proper json
+      ansible.builtin.shell: echo {{ service_tasks_str | quote }} | jq -s
+      register: service_tasks_json
+    - name: convert to variable
+      ansible.builtin.set_fact:
+        service_tasks: "{{ service_tasks_json.stdout | from_json }}"
+    - name: Print first item
+      ansible.builtin.debug:
+        var: service_tasks[-1]
+
+- name: Resolve Node IP
+  hosts: all
+  tags: info
+  tasks:
+    - name: Retrieve hostname
+      ansible.builtin.set_fact:
+        worker_node: "{{ hostvars['localhost']['service_tasks'][-1]['Node'] }}" 
+    - name: Retrieve IP
+      ansible.builtin.shell: dig +short {{ worker_node }}
+      register:
+        worker_ip
+    - name: Simple A record (IPV4 address) lookup for example.com
+      ansible.builtin.debug:
+        var: worker_ip.stdout
+
+  # - name: Stop gCore container on the proper docker container
+  #   hosts: "{{ worker_ip.stdout }}"
+  #   tasks:
+  #     - name: Execute docker to stop the container
+  #       debug: 
+  #         msg: "sudo docker exec {{ hostvars['localhost']['service_tasks'][-1]['Name'] }}.{{ hostvars['localhost']['service_tasks'][-1]['ID'] }} /home/gcube/gCore/bin/gcore-stop-container"
+
+    
+    # - name: create pippo
+    #   ansible.builtin.set_fact:
+    #     pippo: ''
+        
+    # - name: Retrieve and convert result to json
+    #   ansible.builtin.set_fact:
+    #     container_info: "{{ pippo | from_json }}"
+
+    # - name: Print results
+    #   ansible.builtin.debug:
+    #     msg: "{{ container_info }}[0]"
+
 - name: Ripristino Stato Resource Manager
  #hosts: is_registry_devsec:is_registry_devnext
  #hosts: resource_manager_devsec
--- a/roles/vremodeler/tasks/main.yml
+++ b/roles/vremodeler/tasks/main.yml
@ -46,31 +46,50 @@
    data_src: '{{ vremodeler_compose_dir }}/server-config.wsdd'
    state: present

- name: Install the devel gcube keys
+- name: Install the gcube keys
  get_url: url={{ item.url }} dest={{ vremodeler_compose_dir }}/{{ item.name }} owner=root group=root mode=0600
-  with_items: '{{ gcube_dev_security_keys }}'
+  with_items: "{{ gcube_security_keys }}"
  
- name: Create the the devel gcube keys
+- name: Create the the gcube keys
  community.docker.docker_secret:
    name: "{{ item.name }}"
    data_src: '{{ vremodeler_compose_dir }}/{{ item.name }}'
    state: present
-  with_items: '{{ gcube_dev_security_keys }}'
+  with_items: "{{ gcube_security_keys }}"

- name: Install the devel legacy gcube key
+- name: Install the legacy gcube key
  get_url: url={{ item.url }} dest={{ vremodeler_compose_dir }}/{{ item.name }} owner=root group=root mode=0600
-  with_items: '{{ gcube_dev_security_key_legacy }}'
+  with_items: "{{ gcube_security_key_legacy }}"
  
- name: Create the the devel legacy gcube keys
+- name: Create the legacy gcube keys
  community.docker.docker_secret:
-    name: gcube-dev-legacy-security-key
+    name: gcube-legacy-security-key
    data_src: '{{ vremodeler_compose_dir }}/{{ item.name }}'
    state: present
-  with_items: '{{ gcube_dev_security_key_legacy }}'
+  with_items: "{{ gcube_security_key_legacy }}"
+

 - name: Start the project stack on Docker Swarm
  community.docker.docker_stack:
    name: '{{ vremodeler_docker_stack_name }}'
    state: present
    compose:
-      - '{{ vremodeler_compose_dir }}/vremodeler-docker-compose.yml'
+      - '{{ vremodeler_compose_dir }}/vremodeler-docker-compose.yml'
+  register: result
+  tags:
+    - deploy
+
+- name: Print info on stack
+  ansible.builtin.debug:
+    msg: "{{ result.stdout }}"
+  tags:
+    - deploy
+
+- name: Print URL to portainer
+  ansible.builtin.debug:
+    msg: |
+      You can access the stack at:
+      
+      https://portainer.cloud.d4science.org/#!/1/docker/stacks/{{ vremodeler_docker_stack_name }}?type=1&regular=false&external=true&orphaned=false"
+  tags:
+    - deploy
--- a/roles/vremodeler/templates/docker-compose.yml.j2
+++ b/roles/vremodeler/templates/docker-compose.yml.j2
@ -10,9 +10,9 @@ secrets:
    external: true
  {{ service_prefix }}-server-config-{{ scope_name }}:
    external: true
-  gcube-dev-legacy-security-key:
+  gcube-legacy-security-key:
    external: true
-{% for item in gcube_dev_security_keys %}
+{% for item in gcube_security_keys %}
  {{ item.name }}:
    external: true
 {% endfor %}
@ -23,7 +23,7 @@ volumes:
    driver_opts:
      type: nfs4
      # o: "nfsvers=4,addr=192.168.1.222,rw,nolock,soft"
-      o: "nfsvers=4,addr=192.168.1.222,rw"
+      o: "nfsvers=4,addr={{ nfs_server_ip }},rw"
      device: ":/nfs_{{ service_prefix | replace("-", "_") }}_{{ env }}"

 services:
@ -47,12 +47,12 @@ services:
        uid: "333"
        gid: "333"
        mode: 0440
-      - source: gcube-dev-legacy-security-key
+      - source: gcube-legacy-security-key
        target: /home/gcube/gCore/config/symm.key
        uid: "333"
        gid: "333"
        mode: 0440
-{% for item in gcube_dev_security_keys %}
+{% for item in gcube_security_keys %}
      - source: {{ item.name }}
        target: /home/gcube/gCore/config/{{ item.name }}
        uid: "333"
@ -66,7 +66,7 @@ services:
      placement:
        constraints: [node.role == worker]
      restart_policy:
-        condition: on-failure
+        condition: none
        delay: 5s
        max_attempts: 5
        window: 120s
--- a/vremodeler.yml
+++ b/vremodeler.yml
@ -1,11 +1,16 @@
 ---
 - name: Configurazione VRE Modeler
  #hosts: is_registry_devsec:is_registry_devnext
-  hosts: vremodeler_dev
+  hosts: all
+  pre_tasks:
+    - name: Set gcube security keys variables properly according to the environment
+      set_fact:
+        gcube_security_keys: "{{ gcube_prod_security_keys if infra == 'prod' else gcube_preprod_security_keys if infra == 'pre' else gcube_dev_security_keys }}"
+        gcube_security_key_legacy: "{{ gcube_prod_security_key_legacy if infra == 'prod' else gcube_preprod_security_key_legacy if infra == 'pre' else gcube_dev_security_key_legacy }}"
  tasks:
-    - name:
-      debug:
-        var: complete_start_scope
+    # - name:
+    #   debug:
+    #     var: complete_start_scope
  roles:
    - { role: vremodeler }