From aea0165d2472ed8c744e091bdbdcc1587ead364f Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Tue, 2 Apr 2024 21:43:22 +0100 Subject: [PATCH] Add helpdesk-system deployment --- .../kitsvcs.studentrobotics.org copy.yml | 7 ++ hosts | 3 + playbook.yml | 6 ++ roles/helpdesk-system/README.md | 5 ++ .../files/deploy-requirements.txt | 5 ++ roles/helpdesk-system/handlers/main.yml | 4 + roles/helpdesk-system/tasks/main.yml | 84 +++++++++++++++++++ .../templates/helpdesk-system.service | 15 ++++ roles/helpdesk-system/templates/nginx.conf | 9 ++ roles/helpdesk-system/vars/main.yml | 2 + 10 files changed, 140 insertions(+) create mode 100644 host_vars/kitsvcs.studentrobotics.org copy.yml create mode 100644 roles/helpdesk-system/README.md create mode 100644 roles/helpdesk-system/files/deploy-requirements.txt create mode 100644 roles/helpdesk-system/handlers/main.yml create mode 100644 roles/helpdesk-system/tasks/main.yml create mode 100644 roles/helpdesk-system/templates/helpdesk-system.service create mode 100644 roles/helpdesk-system/templates/nginx.conf create mode 100644 roles/helpdesk-system/vars/main.yml diff --git a/host_vars/kitsvcs.studentrobotics.org copy.yml b/host_vars/kitsvcs.studentrobotics.org copy.yml new file mode 100644 index 0000000..dd1e37a --- /dev/null +++ b/host_vars/kitsvcs.studentrobotics.org copy.yml @@ -0,0 +1,7 @@ +--- +canonical_hostname: kitsvcs.studentrobotics.org + +add_hsts_header: true +certbot_certs: + - domains: + - "{{ canonical_hostname }}" diff --git a/hosts b/hosts index 278afd1..dfd9812 100644 --- a/hosts +++ b/hosts @@ -6,3 +6,6 @@ monty.studentrobotics.org [competitorsvcs] competitorsvcs.studentrobotics.org + +[kitsvcs] +kitsvcs.studentrobotics.org diff --git a/playbook.yml b/playbook.yml index e9981dc..f3587b6 100644 --- a/playbook.yml +++ b/playbook.yml @@ -21,3 +21,9 @@ - competitor-services-nginx - code-submitter - discord-gated-entry + +- name: Kit services + hosts: kitsvcs + roles: + - competitor-services-nginx + - helpdesk-system diff --git a/roles/helpdesk-system/README.md b/roles/helpdesk-system/README.md new file mode 100644 index 0000000..92faa3b --- /dev/null +++ b/roles/helpdesk-system/README.md @@ -0,0 +1,5 @@ +# Helpdesk System + +App for managing a competition helpdesk. + +This is a deployment of . diff --git a/roles/helpdesk-system/files/deploy-requirements.txt b/roles/helpdesk-system/files/deploy-requirements.txt new file mode 100644 index 0000000..dadf0fc --- /dev/null +++ b/roles/helpdesk-system/files/deploy-requirements.txt @@ -0,0 +1,5 @@ +-r requirements.txt + +# Latest at the time of writing. Don't actually care about the version, +# only that we pin it for stability. +gunicorn==21.2.0 diff --git a/roles/helpdesk-system/handlers/main.yml b/roles/helpdesk-system/handlers/main.yml new file mode 100644 index 0000000..ff7540b --- /dev/null +++ b/roles/helpdesk-system/handlers/main.yml @@ -0,0 +1,4 @@ +- name: Restart helpdesk-system + service: + name: helpdesk-system + state: restarted diff --git a/roles/helpdesk-system/tasks/main.yml b/roles/helpdesk-system/tasks/main.yml new file mode 100644 index 0000000..80c7179 --- /dev/null +++ b/roles/helpdesk-system/tasks/main.yml @@ -0,0 +1,84 @@ +- name: Install virtualenv system dependencies + apt: + pkg: + - python3-virtualenv + - python3-wheel + +- name: Create install directory + file: + path: "{{ install_dir }}" + state: directory + owner: www-data + mode: "755" + +- name: Download + git: + repo: https://github.com/srobo/helpdesk-system + dest: "{{ install_dir }}" + force: true + version: sr2024 # TODO: Pin to commit + notify: + Restart helpdesk-system + register: helpdesk_system_repo + become_user: www-data + +# NOTE: It is expected this configuration won't work as-is +- name: Create configuration if it doesn't exist + copy: + force: false + remote_src: true + src: "{{ install_dir }}/helpdesk/helpdesk/configuration.example.py" + dest: "{{ install_dir }}/helpdesk/helpdesk/configuration.py" + mode: "0600" + owner: www-data + notify: + Restart helpdesk-system + +- name: Install deploy requirements + copy: + src: deploy-requirements.txt + dest: "{{ install_dir }}/deploy-requirements.txt" + mode: "0600" + owner: www-data + notify: + Restart helpdesk-system + register: deploy_requirements + +- name: Install virtual environment + pip: + virtualenv: "{{ venv_dir }}" + requirements: "{{ deploy_requirements.dest }}" + notify: + Restart helpdesk-system + become_user: www-data + when: deploy_requirements.changed or helpdesk_system_repo.changed # noqa: no-handler - Use a handler to ensure execution order + +- name: Install systemd service + template: + src: helpdesk-system.service + dest: /etc/systemd/system/helpdesk-system.service + mode: "0644" + notify: + Restart helpdesk-system + +- name: Install nginx config + template: + src: nginx.conf + dest: /etc/nginx/locations-enabled/helpdesk-system + mode: "0644" + notify: + Reload nginx + +- name: Run migrations # noqa: no-changed-when - We want to always run this (it handles its own idempotency) + django_manage: + command: migrate --noinput -v0 + app_path: "{{ install_dir }}/helpdesk" + virtualenv: "{{ venv_dir }}" + become_user: www-data + when: helpdesk_system_repo.changed # noqa: no-handler - Use a handler to ensure execution order + +- name: Enable service + service: + name: helpdesk-system + state: started + enabled: true diff --git a/roles/helpdesk-system/templates/helpdesk-system.service b/roles/helpdesk-system/templates/helpdesk-system.service new file mode 100644 index 0000000..62fd6c2 --- /dev/null +++ b/roles/helpdesk-system/templates/helpdesk-system.service @@ -0,0 +1,15 @@ +[Unit] +Description=Helpdesk System +After=network.target + +[Service] +User=www-data + +Type=simple + +WorkingDirectory={{ install_dir }}/helpdesk +RuntimeDirectory=helpdesk-system +ExecStart={{ venv_dir }}/bin/gunicorn helpdesk.wsgi:app --bind unix:/var/run/helpdesk-system/helpdesk-system.socket --forwarded-allow-ips='*' + +[Install] +WantedBy=multi-user.target diff --git a/roles/helpdesk-system/templates/nginx.conf b/roles/helpdesk-system/templates/nginx.conf new file mode 100644 index 0000000..eabfd68 --- /dev/null +++ b/roles/helpdesk-system/templates/nginx.conf @@ -0,0 +1,9 @@ +# HACK: Expects to be run at the root +location / { + proxy_pass http://unix:/var/run/helpdesk-system/helpdesk-system.socket:/; + proxy_pass_request_headers on; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Host $host; +} diff --git a/roles/helpdesk-system/vars/main.yml b/roles/helpdesk-system/vars/main.yml new file mode 100644 index 0000000..4e8fad9 --- /dev/null +++ b/roles/helpdesk-system/vars/main.yml @@ -0,0 +1,2 @@ +install_dir: /srv/helpdesk-system +venv_dir: "{{ install_dir }}/venv"