From 77d00ab69f195b3a48e3f1f1b8028736e2aea8d7 Mon Sep 17 00:00:00 2001 
From: Breno Gazzola Date: Mon, 29 Aug 2022 22:36:45 -0300 Subject: [PATCH 1/2] Move ami roles and upgrade versions --- ami_app.yml | 6 + ami_aws_snapshot.yml | 6 +- ami_packages.yml | 113 +++++++++++------- group_vars/all/vars | 36 +++--- .../buildtools}/tasks/main.yml | 17 +++ .../{ami_chrome => ami/chrome}/tasks/main.yml | 0 .../collectd}/tasks/main.yml | 0 roles/{ami_cron => ami/cron}/tasks/main.yml | 0 .../dist_upgrade}/tasks/main.yml | 10 +- roles/ami/ffmpeg/tasks/main.yml | 22 ++++ .../fonts}/files/69-emoji.conf | 0 .../fonts}/files/70-no-dejavu.conf | 0 .../fonts}/files/NotoColorEmoji.ttf | Bin .../fonts}/files/NotoEmoji-Regular.ttf | Bin roles/{ami_fonts => ami/fonts}/tasks/main.yml | 9 ++ roles/ami/imagemagick/tasks/main.yml | 22 ++++ roles/ami/libheif/tasks/main.yml | 22 ++++ roles/ami/libjxl/tasks/main.yml | 77 ++++++++++++ roles/ami/libspng/tasks/main.yml | 27 +++++ roles/ami/libvips/tasks/main.yml | 21 ++++ roles/ami/mozjpeg/tasks/main.yml | 21 ++++ roles/{ami_node => ami/node}/tasks/main.yml | 0 roles/ami/openjpeg/tasks/main.yml | 30 +++++ roles/ami/openssl/tasks/main.yml | 23 ++++ roles/{ami_pdf => ami/pdf}/tasks/main.yml | 0 roles/ami/postgres/tasks/main.yml | 12 ++ .../purge_services}/tasks/main.yml | 5 + .../{ami_python => ami/python}/tasks/main.yml | 0 roles/ami/redis/tasks/main.yml | 26 ++++ roles/{ami_repos => ami/repos}/tasks/main.yml | 14 ++- roles/{ami_ruby => ami/ruby}/files/rbenv.sh | 0 roles/{ami_ruby => ami/ruby}/tasks/main.yml | 0 roles/{ami_ruby => ami/ruby}/tasks/rbenv.yml | 0 roles/{ami_ruby => ami/ruby}/tasks/ruby.yml | 0 roles/ami/rust/tasks/main.yml | 12 ++ .../sqlite}/tasks/main.yml | 6 +- roles/{ami_ssh => ami/ssh}/handlers/main.yml | 0 roles/{ami_ssh => ami/ssh}/tasks/main.yml | 0 .../ssh}/templates/sshd_config.j2 | 2 +- roles/{ami_time => ami/time}/tasks/main.yml | 0 roles/{ami_ufw => ami/ufw}/files/user.rules | 12 ++ roles/{ami_ufw => ami/ufw}/files/user6.rules | 12 ++ roles/{ami_ufw => ami/ufw}/handlers/main.yml | 0 
roles/{ami_ufw => ami/ufw}/tasks/main.yml | 6 +- roles/ami/ulimit/files/limits.conf | 2 + .../{ami_ulimit => ami/ulimit}/tasks/main.yml | 0 .../{ami_user => ami/user}/defaults/main.yml | 0 roles/{ami_user => ami/user}/tasks/main.yml | 14 +-- roles/ami_ffmpeg/tasks/main.yml | 36 ------ roles/ami_imagemagick/tasks/main.yml | 36 ------ roles/ami_libjxl/tasks/main.yml | 81 ------------- roles/ami_libvips/tasks/main.yml | 35 ------ roles/ami_mozjpeg/tasks/main.yml | 25 ---- roles/ami_slack/tasks/main.yml | 36 ------ roles/ami_ulimit/files/limits.conf | 4 - 55 files changed, 504 insertions(+), 334 deletions(-) rename roles/{ami_buildtools => ami/buildtools}/tasks/main.yml (78%) rename roles/{ami_chrome => ami/chrome}/tasks/main.yml (100%) rename roles/{ami_collectd => ami/collectd}/tasks/main.yml (100%) rename roles/{ami_cron => ami/cron}/tasks/main.yml (100%) rename roles/{ami_dist_upgrade => ami/dist_upgrade}/tasks/main.yml (82%) create mode 100644 roles/ami/ffmpeg/tasks/main.yml rename roles/{ami_fonts => ami/fonts}/files/69-emoji.conf (100%) rename roles/{ami_fonts => ami/fonts}/files/70-no-dejavu.conf (100%) rename roles/{ami_fonts => ami/fonts}/files/NotoColorEmoji.ttf (100%) rename roles/{ami_fonts => ami/fonts}/files/NotoEmoji-Regular.ttf (100%) rename roles/{ami_fonts => ami/fonts}/tasks/main.yml (83%) create mode 100644 roles/ami/imagemagick/tasks/main.yml create mode 100644 roles/ami/libheif/tasks/main.yml create mode 100644 roles/ami/libjxl/tasks/main.yml create mode 100644 roles/ami/libspng/tasks/main.yml create mode 100644 roles/ami/libvips/tasks/main.yml create mode 100644 roles/ami/mozjpeg/tasks/main.yml rename roles/{ami_node => ami/node}/tasks/main.yml (100%) create mode 100644 roles/ami/openjpeg/tasks/main.yml create mode 100644 roles/ami/openssl/tasks/main.yml rename roles/{ami_pdf => ami/pdf}/tasks/main.yml (100%) create mode 100644 roles/ami/postgres/tasks/main.yml rename roles/{ami_purge_services => ami/purge_services}/tasks/main.yml (80%) rename 
roles/{ami_python => ami/python}/tasks/main.yml (100%) create mode 100644 roles/ami/redis/tasks/main.yml rename roles/{ami_repos => ami/repos}/tasks/main.yml (63%) rename roles/{ami_ruby => ami/ruby}/files/rbenv.sh (100%) rename roles/{ami_ruby => ami/ruby}/tasks/main.yml (100%) rename roles/{ami_ruby => ami/ruby}/tasks/rbenv.yml (100%) rename roles/{ami_ruby => ami/ruby}/tasks/ruby.yml (100%) create mode 100644 roles/ami/rust/tasks/main.yml rename roles/{ami_postgres => ami/sqlite}/tasks/main.yml (53%) rename roles/{ami_ssh => ami/ssh}/handlers/main.yml (100%) rename roles/{ami_ssh => ami/ssh}/tasks/main.yml (100%) rename roles/{ami_ssh => ami/ssh}/templates/sshd_config.j2 (81%) rename roles/{ami_time => ami/time}/tasks/main.yml (100%) rename roles/{ami_ufw => ami/ufw}/files/user.rules (86%) rename roles/{ami_ufw => ami/ufw}/files/user6.rules (86%) rename roles/{ami_ufw => ami/ufw}/handlers/main.yml (100%) rename roles/{ami_ufw => ami/ufw}/tasks/main.yml (82%) create mode 100644 roles/ami/ulimit/files/limits.conf rename roles/{ami_ulimit => ami/ulimit}/tasks/main.yml (100%) rename roles/{ami_user => ami/user}/defaults/main.yml (100%) rename roles/{ami_user => ami/user}/tasks/main.yml (72%) delete mode 100644 roles/ami_ffmpeg/tasks/main.yml delete mode 100644 roles/ami_imagemagick/tasks/main.yml delete mode 100644 roles/ami_libjxl/tasks/main.yml delete mode 100644 roles/ami_libvips/tasks/main.yml delete mode 100644 roles/ami_mozjpeg/tasks/main.yml delete mode 100644 roles/ami_slack/tasks/main.yml delete mode 100644 roles/ami_ulimit/files/limits.conf diff --git a/ami_app.yml b/ami_app.yml index cc13d37..3808533 100644 --- a/ami_app.yml +++ b/ami_app.yml @@ -9,3 +9,9 @@ - role: app_bootstrap param_name: "{{ app_name }}" tags: app_bootstrap + + post_tasks: + - name: Cleanup + file: + path: /home/app/{{ app_name }} + state: absent diff --git a/ami_aws_snapshot.yml b/ami_aws_snapshot.yml index cfeda91..68c5850 100644 --- a/ami_aws_snapshot.yml +++ b/ami_aws_snapshot.yml 
@@ -12,11 +12,11 @@ register: register_instance_info roles: - - - role: aws_ami_create + - role: aws/ami_create + param_name: ami param_instance_id: "{{ register_instance_info.instances[0].instance_id }}" tags: aws_ami_create - - role: aws_ec2_destroy + - role: aws/ec2_destroy param_instance_id: "{{ register_instance_info.instances[0].instance_id }} " tags: aws_ec2_destroy diff --git a/ami_packages.yml b/ami_packages.yml index 4bf8422..b1df1c7 100644 --- a/ami_packages.yml +++ b/ami_packages.yml 
@@ -3,67 +3,96 @@ - hosts: _railway_ec2_development_ami remote_user: ansible become: yes + + pre_tasks: + - name: Set cflags and pkgconfig for all build scripts + lineinfile: + dest: "/etc/environment" + state: present + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value}}" + with_items: + - key: CFLAGS + value: -O3 + - key: CXXFLAGS + value: -O3 + roles: - - role: ami_repos - tags: repos + - role: ami/purge_services + tags: ami_purge_services + + - role: ami/time + tags: ami_time - - role: ami_dist_upgrade - tags: dist_upgrade + - role: ami/cron + tags: ami_cron - - role: ami_time - tags: time + - role: ami/ufw + tags: ami_ufw - - role: ami_cron - tags: cron + - role: ami/ssh + tags: ami_ssh - - role: ami_ufw - tags: ufw + - role: ami/buildtools + tags: ami_buildtools - - role: ami_ssh - tags: ssh + - role: ami/python + tags: ami_python - - role: ami_collectd - tags: collectd + - role: ami/rust + tags: ami_rust - - role: ami_purge_services - tags: purge_services + - role: ami/node + tags: ami_node - - role: ami_buildtools - tags: buildtools + - role: ami/redis + tags: ami_redis - - role: ami_python - tags: python + - role: ami/postgres + tags: ami_postgres - - role: ami_node - tags: node + - role: ami/sqlite + tags: ami_sqlite - - role: ami_postgres - tags: postgres + - role: ami/ffmpeg + tags: ami_ffmpeg - - role: ami_fonts - tags: fonts + - role: ami/pdf + tags: ami_pdf - - role: ami_chrome - tags: chrome + - role: ami/libjxl + tags: ami_libjxl - - role: ami_ffmpeg - tags: ffmpeg + - role: ami/libheif + tags: ami_libheif - - role: ami_pdf - tags: pdf + - role: ami/libspng + tags: ami_libspng - - role: ami_libjxl - tags: libjxl + - role: ami/mozjpeg + tags: ami_mozjpeg - - role: ami_mozjpeg - tags: libjxl + - role: ami/openjpeg + tags: ami_openjpeg - - role: ami_imagemagick - tags: imagemagick + - role: ami/imagemagick + tags: ami_imagemagick - - role: ami_libvips - tags: libvips + - role: ami/libvips + tags: ami_libvips - - role: ami_ruby + - role: 
ami/chrome + tags: ami_chrome + + - role: ami/ruby param_version: "{{ ruby_version }}" - tags: ruby + tags: ami_ruby + + - role: aws/cloudwatch + param_nam/: "{{ ansible_environment }}" + param_hostname: ami + param_process_type: ami + tags: aws_cloudwatch + + - role: ami/dist_upgrade + tags: ami_dist_upgrade diff --git a/group_vars/all/vars b/group_vars/all/vars index ca20d98..1d75e37 100644 --- a/group_vars/all/vars +++ b/group_vars/all/vars @@ -1,17 +1,22 @@ --- # AWS -aws_redis_version: "5.0" -aws_redis_version_id: "redis5.0" -aws_redis_port: 6379 -aws_postgres_version: "13" -aws_postgres_version_id: postgres13 +aws_postgres_version: "14" +aws_postgres_version_id: postgres14 aws_region: us-east-1 -aws_ami_id: ami-09e67e426f25ce0d7 +aws_ami_id: ami-0edc92075724775f7 aws_backup_bucket: railway-rds-backups +# Redis +redis_job_port: 6379 +redis_job_maxmemory_policy: noeviction +redis_cache_port: 6380 +redis_cache_maxmemory_policy: allkeys-lfu +redis_kredis_port: 6381 +redis_kredis_maxmemory_policy: allkeys-lfu + # Ruby -ruby_version: 3.0.1 +ruby_version: 3.1.2 # Github github_repository_url: git@github.com:FestaLab/railway-app.git @@ -22,12 +27,13 @@ app_name: railway app_host: railway.festalab.com.br # Ansible stuff -ansible_override_puma_config: true -ansible_override_sidekiq_config: true -ansible_override_database_config: true -ansible_use_static_build_for_ffmpeg: false -ansible_build_image_libs: false -config_vips_version: 8.11.3 -config_imagemagick_version: 7.1.0-6 -config_libjxl_version: 0.5 +config_vips_version: 8.13.0 +config_imagemagick_version: 7.1.0-45 +config_libjxl_version: 0.6.1 +config_libheif_version: 1.12.0 +config_libspng_version: 0.7.2 +config_openjpeg_version: 2.4.0 config_mozjpeg_version: 4.0.3 +config_node_version: 16 +config_postgres_version: 14 +config_postgres_repack_version: 1.4.7 
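Review bot: The new `aws/cloudwatch` entry passes `param_nam/:`, which looks like a typo for `param_name`, so the role would presumably run without the name it expects (the role itself is not part of this patch); write `param_name: "{{ ansible_environment }}"`. Separately, `ami/repos` is no longer in the role list, while `ami/postgres` installs versioned pgdg packages with `update_cache: False` and `ami/node` appears to depend on the nodesource repository; confirm that the repositories and their keys are configured elsewhere before this play runs. The `CFLAGS`/`CXXFLAGS` lines written to /etc/environment in `pre_tasks` are never removed, so they persist into the finished image.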
diff --git a/roles/ami_buildtools/tasks/main.yml b/roles/ami/buildtools/tasks/main.yml similarity index 78% rename from roles/ami_buildtools/tasks/main.yml rename to roles/ami/buildtools/tasks/main.yml index ff39725..ca42cad 100644 --- a/roles/ami_buildtools/tasks/main.yml +++ b/roles/ami/buildtools/tasks/main.yml @@ -7,19 +7,32 @@ update_cache: False vars: packages: + - apt-transport-https - autoconf - automake - bison - build-essential + - ca-certificates - cmake + - curl + - default-jre - gcc + - gnupg2 + - libaom0 + - libde265-0 + - libsystemd-dev - libtool + - lsb-release - make - meson - nasm - pkg-config - shared-mime-info - software-properties-common + - tcl + - ubuntu-keyring + - unzip + - x265 - name: Install dev apt: @@ -28,10 +41,12 @@ update_cache: False vars: packages: + - libaom-dev - libbrotli-dev - libcairo2-dev - libcfitsio-dev - libcurl4-openssl-dev + - libde265-dev - libexif-dev - libexpat1-dev - libffi-dev @@ -39,6 +54,7 @@ - libgif-dev - libglib2.0-dev - libgsf-1-dev + - libgsf-1-dev - libheif-dev - libimagequant-dev - libjemalloc-dev @@ -55,6 +71,7 @@ - libssl-dev - libtiff5-dev - libwebp-dev + - libx265-dev - libxml2-dev - libxslt1-dev - libyaml-dev diff --git a/roles/ami_chrome/tasks/main.yml b/roles/ami/chrome/tasks/main.yml similarity index 100% rename from roles/ami_chrome/tasks/main.yml rename to roles/ami/chrome/tasks/main.yml diff --git a/roles/ami_collectd/tasks/main.yml b/roles/ami/collectd/tasks/main.yml similarity index 100% rename from roles/ami_collectd/tasks/main.yml rename to roles/ami/collectd/tasks/main.yml diff --git a/roles/ami_cron/tasks/main.yml b/roles/ami/cron/tasks/main.yml similarity index 100% rename from roles/ami_cron/tasks/main.yml rename to roles/ami/cron/tasks/main.yml diff --git a/roles/ami_dist_upgrade/tasks/main.yml b/roles/ami/dist_upgrade/tasks/main.yml similarity index 82% rename from roles/ami_dist_upgrade/tasks/main.yml rename to roles/ami/dist_upgrade/tasks/main.yml index 90ca5ff..642baee 100644 
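Review bot: `libgsf-1-dev` is now listed twice in the dev package list, because the added line duplicates the entry directly above it; drop the added line. The list also keeps `libheif-dev` while the new `ami/libheif` role builds libheif from source with a bare `./configure` (presumably into /usr/local), so two copies can end up on the image. Which copy libvips and ImageMagick link against then depends on search order, so it is worth keeping only one to make clear which copy has to be patched.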
--- a/roles/ami_dist_upgrade/tasks/main.yml +++ b/roles/ami/dist_upgrade/tasks/main.yml @@ -1,15 +1,13 @@ --- - name: Update apt-get repo and cache - apt: - update_cache: False - force_apt_get: yes + apt: + update_cache: True changed_when: false - name: Upgrade all apt packages - apt: - upgrade: dist - force_apt_get: yes + apt: + upgrade: dist - name: Check if a reboot is needed on all servers register: reboot_required_file diff --git a/roles/ami/ffmpeg/tasks/main.yml b/roles/ami/ffmpeg/tasks/main.yml new file mode 100644 index 0000000..82f84bf --- /dev/null +++ b/roles/ami/ffmpeg/tasks/main.yml @@ -0,0 +1,22 @@ +--- + +- name: Uninstall ffmpeg + apt: + name: "{{ packages }}" + state: present + update_cache: False + vars: + packages: + - ffmpeg + +- name: Download Static Build + unarchive: + src: https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz + dest: ~/ + remote_src: True + +- name: Move the binary + command: mv ~/ffmpeg-5.0.1-amd64-static/{{ item }} /usr/local/bin + with_items: + - ffmpeg + - ffprobe diff --git a/roles/ami_fonts/files/69-emoji.conf b/roles/ami/fonts/files/69-emoji.conf similarity index 100% rename from roles/ami_fonts/files/69-emoji.conf rename to roles/ami/fonts/files/69-emoji.conf diff --git a/roles/ami_fonts/files/70-no-dejavu.conf b/roles/ami/fonts/files/70-no-dejavu.conf similarity index 100% rename from roles/ami_fonts/files/70-no-dejavu.conf rename to roles/ami/fonts/files/70-no-dejavu.conf diff --git a/roles/ami_fonts/files/NotoColorEmoji.ttf b/roles/ami/fonts/files/NotoColorEmoji.ttf similarity index 100% rename from roles/ami_fonts/files/NotoColorEmoji.ttf rename to roles/ami/fonts/files/NotoColorEmoji.ttf diff --git a/roles/ami_fonts/files/NotoEmoji-Regular.ttf b/roles/ami/fonts/files/NotoEmoji-Regular.ttf similarity index 100% rename from roles/ami_fonts/files/NotoEmoji-Regular.ttf rename to roles/ami/fonts/files/NotoEmoji-Regular.ttf 
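Review bot: `Download Static Build` pulls `ffmpeg-release-amd64-static.tar.xz`, an unversioned URL whose content changes with each upstream release, and unpacks it as root with no integrity check before the binaries are moved into /usr/local/bin. The next task hard-codes `~/ffmpeg-5.0.1-amd64-static/`, so the play fails as soon as upstream publishes a newer release. Fetch a versioned archive with `get_url` and a `checksum:` before unpacking, and derive the directory name from the same version variable. The first task is named `Uninstall ffmpeg` but uses `state: present`, which installs the apt package; set `state: absent` or rename the task. The other source-build roles added in this patch (imagemagick, libheif, libjxl, libspng, libvips, mozjpeg, openjpeg) also unpack remote archives without a checksum, although they do pin a tag.

```yaml
# … unchanged: apt task for the distribution ffmpeg package …

- name: Download static build
  get_url:
    url: "<VERSIONED_ARCHIVE_URL>"        # placeholder: a URL that names one release
    dest: /tmp/ffmpeg-static.tar.xz
    checksum: "sha256:<EXPECTED_SHA256>"  # placeholder: published digest of that release

- name: Unpack static build
  unarchive:
    src: /tmp/ffmpeg-static.tar.xz
    dest: ~/
    remote_src: True

# … unchanged: move ffmpeg and ffprobe, with the directory built from the version variable …
```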
diff --git a/roles/ami_fonts/tasks/main.yml b/roles/ami/fonts/tasks/main.yml similarity index 83% rename from roles/ami_fonts/tasks/main.yml rename to roles/ami/fonts/tasks/main.yml index ca7dc17..d1f1d68 100644 --- a/roles/ami_fonts/tasks/main.yml +++ b/roles/ami/fonts/tasks/main.yml @@ -41,3 +41,12 @@ src: NotoEmoji-Regular.ttf dest: /home/app/.fonts/ mode: 0755 + +- name: Install japanese fonts + apt: + name: "{{ packages }}" + state: present + update_cache: False + vars: + packages: + - fonts-takao-mincho diff --git a/roles/ami/imagemagick/tasks/main.yml b/roles/ami/imagemagick/tasks/main.yml new file mode 100644 index 0000000..7c81ac8 --- /dev/null +++ b/roles/ami/imagemagick/tasks/main.yml @@ -0,0 +1,22 @@ +--- + +- name: Download ImageMagick + unarchive: + src: https://github.com/ImageMagick/ImageMagick/archive/refs/tags/{{ config_imagemagick_version }}.tar.gz + dest: ~/ + remote_src: True + +- name: Install ImageMagick + command: "{{ item }}" + args: + chdir: ~/ImageMagick-{{ config_imagemagick_version }} + with_items: + - ./configure + - make + - make install + - ldconfig /usr/local/lib + +- name: Cleanup + file: + path: ~/ImageMagick-{{ config_imagemagick_version }} + state: absent diff --git a/roles/ami/libheif/tasks/main.yml b/roles/ami/libheif/tasks/main.yml new file mode 100644 index 0000000..33f4fb3 --- /dev/null +++ b/roles/ami/libheif/tasks/main.yml @@ -0,0 +1,22 @@ +--- + +- name: Download libheif + unarchive: + src: https://github.com/strukturag/libheif/archive/refs/tags/v{{ config_libheif_version }}.tar.gz + dest: ~/ + remote_src: True + +- name: Compile libheif + command: "{{ item }}" + args: + chdir: ~/libheif-{{ config_libheif_version }} + with_items: + - ./autogen.sh + - ./configure + - make + - make install + +- name: Cleanup + file: + path: ~/libheif-{{ config_libheif_version }} + state: absent diff --git a/roles/ami/libjxl/tasks/main.yml b/roles/ami/libjxl/tasks/main.yml new file mode 100644 index 0000000..37ed18e --- /dev/null 
+++ b/roles/ami/libjxl/tasks/main.yml @@ -0,0 +1,77 @@ +--- + +- name: Install CLANG-12 + apt: + name: "{{ packages }}" + state: present + update_cache: False + vars: + packages: + - clang-12 + +- name: Register clang-12 in the environment + lineinfile: + dest: "/etc/environment" + state: present + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value}}" + with_items: + - key: CC + value: clang-12 + - key: CXX + value: clang++-12 + +- name: Download libjxl + unarchive: + src: https://gitlab.com/wg1/jpeg-xl/-/archive/v{{ config_libjxl_version }}/jpeg-xl-v{{ config_libjxl_version }}.tar.gz + dest: ~/ + remote_src: True + +- name: Create build folder + file: + path: ~/jpeg-xl-v{{ config_libjxl_version }}/build + state: directory + owner: app + mode: 0755 + +- name: Run bash script to download dependencies + command: ./deps.sh + args: + chdir: ~/jpeg-xl-v{{ config_libjxl_version }} + +- name: Compile libjxl + command: "{{ item }}" + args: + chdir: ~/jpeg-xl-v{{ config_libjxl_version }}/build + with_items: + - "cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=OFF .." + - "cmake --build . -- -j{{ ansible_processor_vcpus }}" + - "cmake --install ." + +- name: Uninstall CLANG-12 + apt: + name: "{{ packages }}" + state: absent + update_cache: False + vars: + packages: + - clang-12 + +- name: Deregister clang-12 in the environment + lineinfile: + dest: "/etc/environment" + state: absent + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value}}" + with_items: + - key: CC + value: clang-12 + - key: CXX + value: clang++-12 + +- name: Cleanup + file: + path: ~/jpeg-xl-v{{ config_libjxl_version }} + state: absent + owner: app + mode: 0755 diff --git a/roles/ami/libspng/tasks/main.yml b/roles/ami/libspng/tasks/main.yml new file mode 100644 index 0000000..60b4ba7 --- /dev/null +++ b/roles/ami/libspng/tasks/main.yml 
@@ -0,0 +1,27 @@ +--- + +- name: Download libspng + unarchive: + src: https://github.com/randy408/libspng/archive/v{{ config_libspng_version }}.tar.gz + dest: ~/ + remote_src: True + +- name: Create build + command: "{{ item }}" + args: + chdir: ~/libspng-{{ config_libspng_version }} + with_items: + - meson build + +- name: Compile libspng + command: "{{ item }}" + args: + chdir: ~/libspng-{{ config_libspng_version }}/build + with_items: + - ninja + - ninja install + +- name: Cleanup + file: + path: ~/libspng-{{ config_libspng_version }} + state: absent diff --git a/roles/ami/libvips/tasks/main.yml b/roles/ami/libvips/tasks/main.yml new file mode 100644 index 0000000..1ac0cea --- /dev/null +++ b/roles/ami/libvips/tasks/main.yml @@ -0,0 +1,21 @@ +--- + +- name: Download libvips + unarchive: + src: https://github.com/libvips/libvips/releases/download/v{{ config_vips_version }}/vips-{{ config_vips_version }}.tar.gz + dest: ~/ + remote_src: True + +- name: Compile vips + command: "{{ item }}" + args: + chdir: ~/vips-{{ config_vips_version }} + with_items: + - ./configure + - make + - make install + +- name: Cleanup + file: + path: ~/vips-{{ config_vips_version }} + state: absent diff --git a/roles/ami/mozjpeg/tasks/main.yml b/roles/ami/mozjpeg/tasks/main.yml new file mode 100644 index 0000000..f2d6854 --- /dev/null +++ b/roles/ami/mozjpeg/tasks/main.yml @@ -0,0 +1,21 @@ +--- + +- name: Download mozjpeg + unarchive: + src: https://github.com/mozilla/mozjpeg/archive/v{{ config_mozjpeg_version }}.tar.gz + dest: ~/ + remote_src: True + +- name: Compile mozjpeg + command: "{{ item }}" + args: + chdir: ~/mozjpeg-{{ config_mozjpeg_version }} + with_items: + - cmake -G"Unix Makefiles" -DCMAKE_INSTALL_PREFIX:PATH=/usr -DCMAKE_INSTALL_LIBDIR:PATH=/usr/lib/x86_64-linux-gnu + - make + - make install + +- name: Cleanup + file: + path: ~/mozjpeg-{{ config_mozjpeg_version }} + state: absent 
diff --git a/roles/ami_node/tasks/main.yml b/roles/ami/node/tasks/main.yml similarity index 100% rename from roles/ami_node/tasks/main.yml rename to roles/ami/node/tasks/main.yml diff --git a/roles/ami/openjpeg/tasks/main.yml b/roles/ami/openjpeg/tasks/main.yml new file mode 100644 index 0000000..2ad1bdb --- /dev/null +++ b/roles/ami/openjpeg/tasks/main.yml @@ -0,0 +1,30 @@ +--- + +- name: Download openjpeg + unarchive: + src: https://github.com/uclouvain/openjpeg/archive/refs/tags/v{{ config_openjpeg_version }}.tar.gz + dest: ~/ + remote_src: True + +- name: Create build folder + file: + path: ~/openjpeg-{{ config_openjpeg_version }}/build + state: directory + owner: app + mode: 0755 + +- name: Compile openjpeg + command: "{{ item }}" + args: + chdir: ~/openjpeg-{{ config_openjpeg_version }}/build + with_items: + - "cmake .. -DCMAKE_BUILD_TYPE=Release" + - make + - make install + +- name: Cleanup + file: + path: ~/openjpeg-{{ config_openjpeg_version }} + state: absent + owner: app + mode: 0755 diff --git a/roles/ami/openssl/tasks/main.yml b/roles/ami/openssl/tasks/main.yml new file mode 100644 index 0000000..a6717b2 --- /dev/null +++ b/roles/ami/openssl/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- name: Download OpenSSL + unarchive: + src: https://openssl.org/source/openssl-1.1.1q.tar.gz + dest: ~/ + remote_src: True + +- name: Compile and Install OpenSSL + command: "{{ item }}" + args: + chdir: ~/openssl-1.1.1q + with_items: + - ./config --openssldir=/usr/local/ssl + - make + - make test + - make install +# - ldconfig /usr/local/lib + +- name: Cleanup + file: + path: ~/openssl-1.1.1q + state: absent diff --git a/roles/ami_pdf/tasks/main.yml b/roles/ami/pdf/tasks/main.yml similarity index 100% rename from roles/ami_pdf/tasks/main.yml rename to roles/ami/pdf/tasks/main.yml diff --git a/roles/ami/postgres/tasks/main.yml b/roles/ami/postgres/tasks/main.yml new file mode 100644 index 0000000..838a9c9 --- /dev/null +++ b/roles/ami/postgres/tasks/main.yml 
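Review bot: In the new openssl role the version `1.1.1q` is hard-coded in the download URL, the `chdir` and the cleanup path, unlike the sibling roles that take their version from group_vars; use one variable, e.g. `src: https://openssl.org/source/openssl-{{ config_openssl_version }}.tar.gz` (a new variable), so a security release is a one-line change. `./config --openssldir=/usr/local/ssl` followed by `make install` puts a second OpenSSL next to the distribution one, and that copy is not updated by the `ami/dist_upgrade` role, so it needs its own patch process. The role is not referenced in the ami_packages.yml role list in this patch and its `ldconfig` step is commented out, so confirm whether it is meant to run at all.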
@@ -0,0 +1,12 @@ +--- + +- name: Install postgres client + apt: + name: "{{ packages }}" + state: present + update_cache: False + vars: + packages: + - postgresql-client-{{ config_postgres_version }} + - postgresql-server-dev-{{ config_postgres_version }} + - postgresql-{{ config_postgres_version }}-repack diff --git a/roles/ami_purge_services/tasks/main.yml b/roles/ami/purge_services/tasks/main.yml similarity index 80% rename from roles/ami_purge_services/tasks/main.yml rename to roles/ami/purge_services/tasks/main.yml index 2e68d5a..49983b6 100644 --- a/roles/ami_purge_services/tasks/main.yml +++ b/roles/ami/purge_services/tasks/main.yml @@ -24,3 +24,8 @@ apt: name: modemmanager state: absent + +#- name: Remove systemd-oomd +# apt: +# name: systemd-oomd +# state: absent diff --git a/roles/ami_python/tasks/main.yml b/roles/ami/python/tasks/main.yml similarity index 100% rename from roles/ami_python/tasks/main.yml rename to roles/ami/python/tasks/main.yml diff --git a/roles/ami/redis/tasks/main.yml b/roles/ami/redis/tasks/main.yml new file mode 100644 index 0000000..e298aea --- /dev/null +++ b/roles/ami/redis/tasks/main.yml @@ -0,0 +1,26 @@ +--- + +- name: Download redis + unarchive: + src: http://download.redis.io/redis-stable.tar.gz + dest: ~/ + remote_src: True + +- name: Compile Redis + command: make + environment: + BUILD_WITH_SYSTEMD: yes + USE_SYSTEMD: yes + args: + chdir: ~/redis-stable + +- name: Install Redis + command: mv ~/redis-stable/src/{{ item }} /usr/local/bin + with_items: + - redis-server + - redis-cli + +- name: Cleanup + file: + path: ~/redis-stable + state: absent diff --git a/roles/ami_repos/tasks/main.yml b/roles/ami/repos/tasks/main.yml similarity index 63% rename from roles/ami_repos/tasks/main.yml rename to roles/ami/repos/tasks/main.yml index 9a28ef0..2609c52 100644 --- a/roles/ami_repos/tasks/main.yml +++ b/roles/ami/repos/tasks/main.yml 
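Review bot: `Download redis` fetches `http://download.redis.io/redis-stable.tar.gz` over plain HTTP and the result is compiled and installed as root, so the source is not authenticated in transit and is not pinned, since `redis-stable` moves with every upstream release. Use an `https://` URL for one specific release and verify a checksum before building, e.g. `src: https://download.redis.io/releases/redis-<PINNED_VERSION>.tar.gz`. Also, `BUILD_WITH_SYSTEMD: yes` and `USE_SYSTEMD: yes` are YAML booleans, so the build will likely see `True` rather than the literal `yes`; quote them as `"yes"`.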
@@ -6,10 +6,10 @@ - name: Add node deb repository apt_repository: - repo: deb https://deb.nodesource.com/node_14.x {{ ansible_distribution_release }} main + repo: deb https://deb.nodesource.com/node_{{ config_node_version }}.x {{ ansible_distribution_release }} main state: present -- name: Import yarn repository key +- name: Install yarn repository key apt_key: url: https://dl.yarnpkg.com/debian/pubkey.gpg state: present @@ -28,3 +28,13 @@ apt_repository: repo: deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main state: present + +- name: Import nginx key + apt_key: + url: https://nginx.org/keys/nginx_signing.key + state: present + +- name: Add nginx deb repository + apt_repository: + repo: deb http://nginx.org/packages/mainline/ubuntu {{ ansible_distribution_release }} nginx + state: present diff --git a/roles/ami_ruby/files/rbenv.sh b/roles/ami/ruby/files/rbenv.sh similarity index 100% rename from roles/ami_ruby/files/rbenv.sh rename to roles/ami/ruby/files/rbenv.sh diff --git a/roles/ami_ruby/tasks/main.yml b/roles/ami/ruby/tasks/main.yml similarity index 100% rename from roles/ami_ruby/tasks/main.yml rename to roles/ami/ruby/tasks/main.yml diff --git a/roles/ami_ruby/tasks/rbenv.yml b/roles/ami/ruby/tasks/rbenv.yml similarity index 100% rename from roles/ami_ruby/tasks/rbenv.yml rename to roles/ami/ruby/tasks/rbenv.yml diff --git a/roles/ami_ruby/tasks/ruby.yml b/roles/ami/ruby/tasks/ruby.yml similarity index 100% rename from roles/ami_ruby/tasks/ruby.yml rename to roles/ami/ruby/tasks/ruby.yml diff --git a/roles/ami/rust/tasks/main.yml b/roles/ami/rust/tasks/main.yml new file mode 100644 index 0000000..ed04b43 --- /dev/null +++ b/roles/ami/rust/tasks/main.yml @@ -0,0 +1,12 @@ +--- + +- name: Install rust + shell: curl https://sh.rustup.rs -sSf | sh -s -- -y + +- name: Create link + file: + src: ~/.cargo/bin/cargo + dest: /usr/bin/cargo + owner: app + group: app + state: link 
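Review bot: The new nginx source is added as `deb http://nginx.org/packages/mainline/ubuntu ...`, and its key is imported with `apt_key`, which puts the key in the global trusted keyring where it is accepted for every configured repository. Use `https://` in the repo line and store the key in a dedicated keyring file referenced with a `[signed-by=...]` option, so the nginx key can only vouch for nginx packages. The existing postgres repository line just above the added tasks has the same `http://` form.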
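Review bot: `Install rust` pipes a script downloaded at build time straight into `sh` as the become user, with no pinned installer or toolchain, and it re-runs on every play because the `shell` task has no `creates:` guard. Download the installer to a file, verify it, and run it with `creates:` so the task is idempotent and the image content is reproducible. The `Create link` task points `/usr/bin/cargo` at `~/.cargo/bin/cargo`, which resolves to the become user's home (presumably root's), so the `app` user that owns the link may not be able to reach the target; confirm that.

```yaml
- name: Download rustup installer
  get_url:
    url: https://sh.rustup.rs
    dest: /tmp/rustup-init.sh
    mode: "0700"
    checksum: "sha256:<EXPECTED_SHA256>"  # placeholder: digest of the reviewed installer

- name: Install rust
  command: /tmp/rustup-init.sh -y
  args:
    creates: ~/.cargo/bin/cargo

# … unchanged: Create link task …
```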
diff --git a/roles/ami_postgres/tasks/main.yml b/roles/ami/sqlite/tasks/main.yml similarity index 53% rename from roles/ami_postgres/tasks/main.yml rename to roles/ami/sqlite/tasks/main.yml index e7cd5cc..8e1057c 100644 --- a/roles/ami_postgres/tasks/main.yml +++ b/roles/ami/sqlite/tasks/main.yml @@ -1,11 +1,11 @@ --- -- name: Install postgres client +- name: Install sqlite apt: name: "{{ packages }}" state: present update_cache: False vars: packages: - - postgresql-client-common - - postgresql-client + - sqlite3 + - libsqlite3-dev diff --git a/roles/ami_ssh/handlers/main.yml b/roles/ami/ssh/handlers/main.yml similarity index 100% rename from roles/ami_ssh/handlers/main.yml rename to roles/ami/ssh/handlers/main.yml diff --git a/roles/ami_ssh/tasks/main.yml b/roles/ami/ssh/tasks/main.yml similarity index 100% rename from roles/ami_ssh/tasks/main.yml rename to roles/ami/ssh/tasks/main.yml diff --git a/roles/ami_ssh/templates/sshd_config.j2 b/roles/ami/ssh/templates/sshd_config.j2 similarity index 81% rename from roles/ami_ssh/templates/sshd_config.j2 rename to roles/ami/ssh/templates/sshd_config.j2 index 75cac1a..c72504d 100644 --- a/roles/ami_ssh/templates/sshd_config.j2 +++ b/roles/ami/ssh/templates/sshd_config.j2 @@ -3,7 +3,7 @@ AddressFamily any ListenAddress 0.0.0.0 ListenAddress :: -AllowUsers ubuntu ansible app +AllowUsers ubuntu ansible app nginx metabase retool PasswordAuthentication no ChallengeResponseAuthentication no PermitRootLogin no diff --git a/roles/ami_time/tasks/main.yml b/roles/ami/time/tasks/main.yml similarity index 100% rename from roles/ami_time/tasks/main.yml rename to roles/ami/time/tasks/main.yml diff --git a/roles/ami_ufw/files/user.rules b/roles/ami/ufw/files/user.rules similarity index 86% rename from roles/ami_ufw/files/user.rules rename to roles/ami/ufw/files/user.rules index b0008bc..89db58e 100644 --- a/roles/ami_ufw/files/user.rules +++ b/roles/ami/ufw/files/user.rules 
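Review bot: `AllowUsers` now admits `nginx`, `metabase` and `retool` on every instance built from this image; if these are service accounts rather than people, they normally need no SSH login at all. Keep the base list as `AllowUsers ubuntu ansible app` and add further accounts only on the hosts that need them, for example through a template variable. Where such an account does not exist the entry is inert, but it becomes a ready login path as soon as a user of that name is created with a key.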
@@ -56,6 +56,18 @@ ### tuple ### allow tcp 3009 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 3009 -j ACCEPT +### tuple ### allow tcp 8001 0.0.0.0/0 any 0.0.0.0/0 in +-A ufw-user-input -p tcp --dport 8001 -j ACCEPT + +### tuple ### allow tcp 6379 0.0.0.0/0 any 0.0.0.0/0 in +-A ufw-user-input -p tcp --dport 6379 -j ACCEPT + +### tuple ### allow tcp 6380 0.0.0.0/0 any 0.0.0.0/0 in +-A ufw-user-input -p tcp --dport 6380 -j ACCEPT + +### tuple ### allow tcp 6381 0.0.0.0/0 any 0.0.0.0/0 in +-A ufw-user-input -p tcp --dport 6381 -j ACCEPT + ### END RULES ### ### LOGGING ### diff --git a/roles/ami_ufw/files/user6.rules b/roles/ami/ufw/files/user6.rules similarity index 86% rename from roles/ami_ufw/files/user6.rules rename to roles/ami/ufw/files/user6.rules index 45e7b79..0a8fdb3 100644 --- a/roles/ami_ufw/files/user6.rules +++ b/roles/ami/ufw/files/user6.rules @@ -56,6 +56,18 @@ ### tuple ### allow tcp 3009 0.0.0.0/0 any 0.0.0.0/0 in -A ufw6-user-input -p tcp --dport 3009 -j ACCEPT +### tuple ### allow tcp 8001 0.0.0.0/0 any 0.0.0.0/0 in +-A ufw6-user-input -p tcp --dport 8001 -j ACCEPT + +### tuple ### allow tcp 6379 0.0.0.0/0 any 0.0.0.0/0 in +-A ufw6-user-input -p tcp --dport 6379 -j ACCEPT + +### tuple ### allow tcp 6380 0.0.0.0/0 any 0.0.0.0/0 in +-A ufw6-user-input -p tcp --dport 6380 -j ACCEPT + +### tuple ### allow tcp 6381 0.0.0.0/0 any 0.0.0.0/0 in +-A ufw6-user-input -p tcp --dport 6381 -j ACCEPT + ### END RULES ### diff --git a/roles/ami_ufw/handlers/main.yml b/roles/ami/ufw/handlers/main.yml similarity index 100% rename from roles/ami_ufw/handlers/main.yml rename to roles/ami/ufw/handlers/main.yml diff --git a/roles/ami_ufw/tasks/main.yml b/roles/ami/ufw/tasks/main.yml similarity index 82% rename from roles/ami_ufw/tasks/main.yml rename to roles/ami/ufw/tasks/main.yml index fe31829..fd9b343 100644 --- a/roles/ami_ufw/tasks/main.yml +++ b/roles/ami/ufw/tasks/main.yml 
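Review bot: The added rules accept TCP 6379, 6380 and 6381 (the Redis ports defined in group_vars) and 8001 from any source address, and the same four rules are added to user6.rules. Redis built from source as in the new `ami/redis` role has no authentication unless it is configured, so the host firewall should not open these ports to every address; restrict the source, e.g. `-A ufw-user-input -p tcp --dport 6379 -s <APP_SUBNET_CIDR> -j ACCEPT` with the matching `### tuple ###` line. If reachability is already limited by security groups, record that in a comment next to the rules.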
@@ -17,11 +17,15 @@ notify: Reload ufw - name: Enable ufw + ufw: + state: enabled + +- name: Enable ufw service service: name: ufw enabled: yes -- name: Start ufw +- name: Start ufw service service: name: ufw state: started diff --git a/roles/ami/ulimit/files/limits.conf b/roles/ami/ulimit/files/limits.conf new file mode 100644 index 0000000..279458b --- /dev/null +++ b/roles/ami/ulimit/files/limits.conf @@ -0,0 +1,2 @@ +* soft nofile 262144 +* hard nofile 262144 diff --git a/roles/ami_ulimit/tasks/main.yml b/roles/ami/ulimit/tasks/main.yml similarity index 100% rename from roles/ami_ulimit/tasks/main.yml rename to roles/ami/ulimit/tasks/main.yml diff --git a/roles/ami_user/defaults/main.yml b/roles/ami/user/defaults/main.yml similarity index 100% rename from roles/ami_user/defaults/main.yml rename to roles/ami/user/defaults/main.yml diff --git a/roles/ami_user/tasks/main.yml b/roles/ami/user/tasks/main.yml similarity index 72% rename from roles/ami_user/tasks/main.yml rename to roles/ami/user/tasks/main.yml index 5786182..66bb18f 100644 --- a/roles/ami_user/tasks/main.yml +++ b/roles/ami/user/tasks/main.yml @@ -3,6 +3,7 @@ - name: Add user user: name: "{{ param_name }}" + create_home: true state: present - name: Set comment @@ -24,14 +25,11 @@ group: "{{ param_name }}" mode: 0700 -- name: Copy authorized keys from ubuntu user - copy: - remote_src: yes - src: ~ubuntu/.ssh/authorized_keys - dest: ~{{ param_name }}/.ssh/authorized_keys - owner: "{{ param_name }}" - group: "{{ param_name }}" - mode: 0600 +- name: Add production key + authorized_key: + user: "{{ param_name }}" + state: present + key: "{{ lookup('file', '~/.ssh/festalab_keypair_production_v2.pem.pub') }}" - name: Add sudo rights copy: diff --git a/roles/ami_ffmpeg/tasks/main.yml b/roles/ami_ffmpeg/tasks/main.yml deleted file mode 100644 index 2730ddd..0000000 --- a/roles/ami_ffmpeg/tasks/main.yml +++ /dev/null 
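Review bot: `Add production key` reads `~/.ssh/festalab_keypair_production_v2.pem.pub` from the control machine, so the role only works for operators who have that exact file, and it installs one shared production key for every user the role creates, including accounts that the following `Add sudo rights` task gives sudo. Take the key path from a role parameter, e.g. `key: "{{ lookup('file', param_public_key_path) }}"` (a new parameter), so per-environment or per-user keys can be supplied. Since ami_packages.yml targets `_railway_ec2_development_ami`, confirm that placing the production key on that image is intended. The body of `Add sudo rights` lies outside this hunk.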
@@ -1,36 +0,0 @@ ---- - -- block: - - - name: Uninstall ffmpeg - apt: - name: "{{ packages }}" - state: present - update_cache: False - vars: - packages: - - ffmpeg - - - name: Download Static Build - unarchive: - src: https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz - dest: ~/ - remote_src: True - - - name: Move the binary - command: mv ~/ffmpeg-4.4-amd64-static/ffmpeg /usr/local/bin - - when: ansible_use_static_build_for_ffmpeg == true - -- block: - - - name: Install ffmpeg - apt: - name: "{{ packages }}" - state: present - update_cache: True - vars: - packages: - - ffmpeg - - when: ansible_use_static_build_for_ffmpeg == false diff --git a/roles/ami_imagemagick/tasks/main.yml b/roles/ami_imagemagick/tasks/main.yml deleted file mode 100644 index f7fafb4..0000000 --- a/roles/ami_imagemagick/tasks/main.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- - -- block: - - - name: Install ImagMagick package if not building image libraries from source - apt: - name: imagemagick - state: present - update_cache: False - - when: ansible_build_image_libs == false - -- block: - - - name: Download ImageMagick - unarchive: - src: https://download.imagemagick.org/ImageMagick/download/ImageMagick-{{ ansible_imagemagick_version }}.tar.gz - dest: ~/ - remote_src: True - - - name: Install ImageMagick - command: "{{ item }}" - args: - chdir: ~/ImageMagick-{{ ansible_imagemagick_version }} - with_items: - - ./configure - - make - - make install - - ldconfig /usr/local/lib - - - name: Cleanup - file: - path: ~/ImageMagick-{{ ansible_imagemagick_version }} - state: absent - - when: ansible_build_image_libs == true diff --git a/roles/ami_libjxl/tasks/main.yml b/roles/ami_libjxl/tasks/main.yml deleted file mode 100644 index bd515e7..0000000 --- a/roles/ami_libjxl/tasks/main.yml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- - -- block: - - - name: Install CLANG-7 - apt: - name: "{{ packages }}" - state: present - update_cache: False - vars: - packages: - - clang-7 - - - name: Register clang-7 in the environment - lineinfile: - dest: "/etc/environment" - state: present - regexp: "^{{ item.key }}=" - line: "{{ item.key }}={{ item.value}}" - with_items: - - key: CC - value: clang-7 - - key: CXX - value: clang++-7 - - - name: Download libjxl - unarchive: - src: https://gitlab.com/wg1/jpeg-xl/-/archive/v{{ config_libjxl_version }}/jpeg-xl-v{{ config_libjxl_version }}.tar.gz - dest: ~/ - remote_src: True - - - name: Create build folder - file: - path: ~/jpeg-xl-v{{ config_libjxl_version }}/build - state: directory - owner: app - mode: 0755 - - - name: Run bash script to download dependencies - command: ./deps.sh - args: - chdir: ~/jpeg-xl-v{{ config_libjxl_version }} - - - name: Compile libjxl - command: "{{ item }}" - args: - chdir: ~/jpeg-xl-v{{ config_libjxl_version }}/build - with_items: - - "cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=OFF .." - - "cmake --build . -- -j{{ ansible_processor_vcpus }}" - - "cmake --install ." - - - name: Uninstall CLANG-7 - apt: - name: "{{ packages }}" - state: absent - update_cache: False - vars: - packages: - - clang-7 - - - name: Deregister clang-7 in the environment - lineinfile: - dest: "/etc/environment" - state: absent - regexp: "^{{ item.key }}=" - line: "{{ item.key }}={{ item.value}}" - with_items: - - key: CC - value: clang-7 - - key: CXX - value: clang++-7 - - - name: Cleanup - file: - path: ~/jpeg-xl-v{{ config_libjxl_version }} - state: absent - owner: app - mode: 0755 - - when: ansible_build_image_libs == true diff --git a/roles/ami_libvips/tasks/main.yml b/roles/ami_libvips/tasks/main.yml deleted file mode 100644 index 0aa9e3c..0000000 --- a/roles/ami_libvips/tasks/main.yml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- - -- block: - - - name: Install libvips package if not building image libraries from source - apt: - name: libvips-tools - state: present - update_cache: False - - when: ansible_build_image_libs == false - -- block: - - - name: Download libvips - unarchive: - src: https://github.com/libvips/libvips/releases/download/v{{ ansible_libvips_version }}/vips-{{ ansible_libvips_version }}.tar.gz - dest: ~/ - remote_src: True - - - name: Compile vips - command: "{{ item }}" - args: - chdir: ~/vips-{{ ansible_libvips_version }} - with_items: - - ./configure - - make - - make install - - - name: Cleanup - file: - path: ~/vips-{{ ansible_libvips_version }} - state: absent - - when: ansible_build_image_libs == true diff --git a/roles/ami_mozjpeg/tasks/main.yml b/roles/ami_mozjpeg/tasks/main.yml deleted file mode 100644 index 92e95c2..0000000 --- a/roles/ami_mozjpeg/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- - -- block: - - - name: Download mozjpeg - unarchive: - src: https://github.com/mozilla/mozjpeg/archive/v{{ config_mozjpeg_version }}.tar.gz - dest: ~/ - remote_src: True - - - name: Compile mozjpeg - command: "{{ item }}" - args: - chdir: ~/mozjpeg-{{ config_mozjpeg_version }} - with_items: - - cmake -G"Unix Makefiles" -DCMAKE_INSTALL_PREFIX:PATH=/usr -DCMAKE_INSTALL_LIBDIR:PATH=/usr/lib/x86_64-linux-gnu - - make - - make install - - - name: Cleanup - file: - path: ~/mozjpeg-{{ config_mozjpeg_version }} - state: absent - - when: ansible_build_image_libs == true diff --git a/roles/ami_slack/tasks/main.yml b/roles/ami_slack/tasks/main.yml deleted file mode 100644 index 3e7006f..0000000 --- a/roles/ami_slack/tasks/main.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- - -- block: - - - name: Get previous commit - command: git rev-parse HEAD - args: - chdir: ~app/{{ param_name }} - changed_when: false - failed_when: false - register: check_previous_commit - - - set_fact: - previous_commit: "{{ check_previous_commit.stdout }}" - - - name: Send deployment start - community.general.slack: - token: T58JKBZJS/B01U24EN7M0/1NI4yo1Z9izDFWyyIlxifcRg - attachments: - - text: Deploy has started - color: "{{ param_color }}" - fields: - - title: Current commit - value: "{{ previous_commit }}" - actions: - - type: button - text: Compare - url: https://github.com/FestaLab/festalab-app/compare/{{ previous_commit }}...HEAD - - when: param_status == "started" - -- name: Send deployment end - community.general.slack: - token: T58JKBZJS/B01U24EN7M0/1NI4yo1Z9izDFWyyIlxifcRg - msg: Deploy has ended - when: param_status == "ended" diff --git a/roles/ami_ulimit/files/limits.conf b/roles/ami_ulimit/files/limits.conf deleted file mode 100644 index 71e8d37..0000000 --- a/roles/ami_ulimit/files/limits.conf +++ /dev/null @@ -1,4 +0,0 @@ -root soft nofile 65536 -root hard nofile 65536 -* soft nofile 65536 -* hard nofile 65536 From b7d9048ad3aec796ca59aec2522d412c59191e2e Mon Sep 17 00:00:00 2001 
From: Breno Gazzola Date: Wed, 23 Nov 2022 14:49:10 -0300 Subject: [PATCH 2/2] Update AMI playbook --- README.md | 4 +- ami_aws_setup.yml | 4 +- ami_aws_snapshot.yml | 2 +- ami_bootstrap.yml | 19 +++++++-- bootstrap_ansible_development.yml | 2 +- bootstrap_ansible_production.yml | 2 +- bootstrap_aws.yml | 2 - bootstrap_aws_redis_cache.yml | 15 ------- bootstrap_aws_redis_job.yml | 15 ------- contribute_bootstrap.yml | 2 - contribute_setup.yml | 4 +- contribute_teardown.yml | 12 +++--- docs/CONTRIBUTE.MD | 22 +++++----- docs/FIRST_RUN.MD | 2 +- docs/INSTALL.MD | 12 +++--- docs/THE_PARTS_OF_RAILWAY.MD | 2 +- docs/customization/ANSIBLE_AWS.MD | 4 +- group_vars/all/vars | 15 +++---- roles/ami/buildtools/tasks/main.yml | 5 ++- roles/ami/ffmpeg/tasks/main.yml | 8 +++- roles/ami/libjxl/tasks/main.yml | 10 ++--- roles/ami/libspng/tasks/main.yml | 3 +- roles/ami/libvips/tasks/main.yml | 15 +++++-- roles/ami/log/tasks/main.yml | 41 +++++++++++++++++++ roles/ami/openjpeg/tasks/main.yml | 2 +- roles/ami/pdf/tasks/main.yml | 15 ++++++- roles/ami/python/tasks/main.yml | 2 + .../snapshot}/tasks/main.yml | 0 .../cloudwatch}/files/common-config.toml | 0 .../cloudwatch}/tasks/main.yml | 0 .../cloudwatch}/templates/config.j2 | 0 .../cloudwatch}/templates/credentials.j2 | 0 .../files/ansible-ec2-development.pem | 2 +- .../files/ansible-ec2-production.pem | 2 +- .../ec2_create}/tasks/main.yml | 2 +- .../ec2_destroy}/tasks/main.yml | 0 setup_control_ec2.yml | 2 +- setup_web_ec2.yml | 2 +- setup_worker_ec2.yml | 2 +- teardown_aws.yml | 2 +- 40 files changed, 152 insertions(+), 103 deletions(-) delete mode 100644 bootstrap_aws_redis_cache.yml delete mode 100644 bootstrap_aws_redis_job.yml create mode 100644 roles/ami/log/tasks/main.yml rename roles/{aws_ami_create => ami/snapshot}/tasks/main.yml (100%) rename roles/{aws_cloudwatch => aws/cloudwatch}/files/common-config.toml (100%) rename roles/{aws_cloudwatch => aws/cloudwatch}/tasks/main.yml (100%) rename roles/{aws_cloudwatch => 
aws/cloudwatch}/templates/config.j2 (100%) rename roles/{aws_cloudwatch => aws/cloudwatch}/templates/credentials.j2 (100%) rename roles/{aws_ec2_create => aws/ec2_create}/files/ansible-ec2-development.pem (57%) rename roles/{aws_ec2_create => aws/ec2_create}/files/ansible-ec2-production.pem (57%) rename roles/{aws_ec2_create => aws/ec2_create}/tasks/main.yml (97%) rename roles/{aws_ec2_destroy => aws/ec2_destroy}/tasks/main.yml (100%) diff --git a/README.md b/README.md index c6c6cde..2e97f4a 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ To make all this work it makes some strong assumptions about the rails app it wi 4. Postgres as database; 5. Node/Yarn for javascript; 6. [Majestic Monolith](https://m.signalvnoise.com/the-majestic-monolith/) instead of Microservices; -7. Ubuntu 20.04; +7. Ubuntu 22.04; 8. No containers; It relies the following services in AWS: @@ -43,7 +43,7 @@ I've always been a fan of those "choose your own adventure" game books, so let's Bug reports and pull requests are welcome on GitHub at https://github.com/FestaLab/railway. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/FestaLab/railway/blob/main/CODE_OF_CONDUCT.md). -If you with to submit pull requests, please check the [contribution guide](https://github.com/FestaLab/railway/blob/main/docs/CONTRIBUTION.MD) to make handling your credentials easier. +If you with to submit pull requests, please check the [contribution guide](https://github.com/FestaLab/railway/blob/main/docs/CONTRIBUTE.MD) to make handling your credentials easier. ## License diff --git a/ami_aws_setup.yml b/ami_aws_setup.yml index 9c3bd51..a70d68a 100644 --- a/ami_aws_setup.yml +++ b/ami_aws_setup.yml 
@@ -4,9 +4,9 @@ gather_facts: False roles: - - role: aws_ec2_create + - role: aws/ec2_create param_name: ami - param_instance_type: c5.2xlarge + param_instance_type: m6i.2xlarge param_ami_id: "{{ aws_ami_id }}" param_exact_count: 1 tags: aws_ec2_create diff --git a/ami_aws_snapshot.yml b/ami_aws_snapshot.yml index 68c5850..fb5336d 100644 --- a/ami_aws_snapshot.yml +++ b/ami_aws_snapshot.yml @@ -12,7 +12,7 @@ register: register_instance_info roles: - - role: aws/ami_create + - role: ami/snapshot param_name: ami param_instance_id: "{{ register_instance_info.instances[0].instance_id }}" tags: aws_ami_create diff --git a/ami_bootstrap.yml b/ami_bootstrap.yml index 81f5073..85c992d 100644 --- a/ami_bootstrap.yml +++ b/ami_bootstrap.yml @@ -7,17 +7,28 @@ roles: - - role: ami_user + - role: ami/ulimit + tags: ulimit + + - role: ami/dist_upgrade + tags: ami_dist_upgrade + + - role: ami/repos + tags: ami_repos + + - role: ami/log + tags: ami_log + + - role: ami/user param_name: ansible param_comment: Ansible user param_sudo: yes tags: ansible_user - - role: ami_user + - role: ami/user param_name: app param_comment: Application user param_sudo: yes tags: user_app - - role: ami_ulimit - tags: ulimit + diff --git a/bootstrap_ansible_development.yml b/bootstrap_ansible_development.yml index adfde8c..1cd2bf3 100644 --- a/bootstrap_ansible_development.yml +++ b/bootstrap_ansible_development.yml @@ -14,7 +14,7 @@ - name: Copy ec2 development key to local ssh folder copy: - src: "roles/aws_ec2_create/files/ansible-ec2-development.pem" + src: "roles/aws/ec2_create/files/ansible-ec2-development.pem" dest: ~/.ssh/ansible-ec2-development.pem mode: 0600 diff --git a/bootstrap_ansible_production.yml b/bootstrap_ansible_production.yml index 287d069..42d3206 100644 --- a/bootstrap_ansible_production.yml +++ b/bootstrap_ansible_production.yml 
@@ -6,7 +6,7 @@ - name: Copy ec2 production key to local ssh folder copy: - src: "roles/aws_ec2_create/files/ansible-ec2-production.pem" + src: "roles/aws/ec2_create/files/ansible-ec2-production.pem" dest: ~/.ssh/ansible-ec2-production.pem mode: 0600 diff --git a/bootstrap_aws.yml b/bootstrap_aws.yml index 9497f3a..4489a1e 100644 --- a/bootstrap_aws.yml +++ b/bootstrap_aws.yml @@ -1,6 +1,4 @@ --- - import_playbook: bootstrap_aws_vpc.yml -- import_playbook: bootstrap_aws_redis_cache.yml -- import_playbook: bootstrap_aws_redis_job.yml - import_playbook: bootstrap_aws_rds.yml diff --git a/bootstrap_aws_redis_cache.yml b/bootstrap_aws_redis_cache.yml deleted file mode 100644 index a7b0171..0000000 --- a/bootstrap_aws_redis_cache.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- hosts: localhost - gather_facts: False - - roles: - - role: aws_elasticache_pg_create - param_policy: allkeys-lfu - tags: aws_elasticache_pg_create - - - role: aws_elasticache_create - param_name: "cache" - param_policy: allkeys-lfu - param_instance_type: "{{ infra_redis_cache_instance_type }}" - tags: aws_elasticache_create diff --git a/bootstrap_aws_redis_job.yml b/bootstrap_aws_redis_job.yml deleted file mode 100644 index d2cd370..0000000 --- a/bootstrap_aws_redis_job.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- hosts: localhost - gather_facts: False - - roles: - - role: aws_elasticache_pg_create - param_policy: noeviction - tags: aws_elasticache_pg_create - - - role: aws_elasticache_create - param_name: "job" - param_policy: noeviction - param_instance_type: "{{ infra_redis_job_instance_type }}" - tags: aws_elasticache_create diff --git a/contribute_bootstrap.yml b/contribute_bootstrap.yml index b85cc38..9c3990a 100644 --- a/contribute_bootstrap.yml +++ b/contribute_bootstrap.yml @@ -3,9 +3,7 @@ - hosts: localhost gather_facts: False - tasks: - - name: Ensure credentials folder exist file: path: ../railway-credentials 
diff --git a/contribute_setup.yml b/contribute_setup.yml index 76f7ccf..885b377 100644 --- a/contribute_setup.yml +++ b/contribute_setup.yml @@ -24,12 +24,12 @@ - name: Copy development EC2 key pair to the project copy: src: ../railway-credentials/ansible-ec2-development.pem - dest: roles/aws_ec2_create/files/ansible-ec2-development.pem + dest: roles/aws/ec2_create/files/ansible-ec2-development.pem - name: Copy production EC2 key pair to the project copy: src: ../railway-credentials/ansible-ec2-production.pem - dest: roles/aws_ec2_create/files/ansible-ec2-production.pem + dest: roles/aws/ec2_create/files/ansible-ec2-production.pem - name: Copy the development deploy key to the project diff --git a/contribute_teardown.yml b/contribute_teardown.yml index 3f61708..431fec9 100644 --- a/contribute_teardown.yml +++ b/contribute_teardown.yml 
@@ -34,23 +34,23 @@ - name: Copy the development EC2 key pair to the credentials folder copy: - src: roles/aws_ec2_create/files/ansible-ec2-development.pem + src: roles/aws/ec2_create/files/ansible-ec2-development.pem dest: ../railway-credentials/ansible-ec2-development.pem - name: Clear development EC2 key pair copy: - content: 'Replace this file with your development EC2 key pair and encrypt it with "ansible-vault encrypt roles/aws_ec2_create/files/ansible-ec2-development.pem"' - dest: roles/aws_ec2_create/files/ansible-ec2-development.pem + content: 'Replace this file with your development EC2 key pair and encrypt it with "ansible-vault encrypt roles/aws/ec2_create/files/ansible-ec2-development.pem"' + dest: roles/aws/ec2_create/files/ansible-ec2-development.pem - name: Copy the production EC2 key pair to the credentials folder copy: - src: roles/aws_ec2_create/files/ansible-ec2-production.pem + src: roles/aws/ec2_create/files/ansible-ec2-production.pem dest: ../railway-credentials/ansible-ec2-production.pem - name: Clear production EC2 key pair copy: - content: 'Replace this file with your production EC2 key pair and encrypt it with "ansible-vault encrypt roles/aws_ec2_create/files/ansible-ec2-production.pem"' - dest: roles/aws_ec2_create/files/ansible-ec2-production.pem + content: 'Replace this file with your production EC2 key pair and encrypt it with "ansible-vault encrypt roles/aws/ec2_create/files/ansible-ec2-production.pem"' + dest: roles/aws/ec2_create/files/ansible-ec2-production.pem diff --git a/docs/CONTRIBUTE.MD b/docs/CONTRIBUTE.MD index 44830fb..42d1ab8 100644 --- a/docs/CONTRIBUTE.MD +++ b/docs/CONTRIBUTE.MD 
@@ -9,9 +9,9 @@ ansible-playbook contribute_bootstrap.yml ``` This playbook will: -1 - Create a `railway-credentials` folder in the same folder that you clone `railway` to; -2 - Make a copy of the placeholder development vault to `railway-credentials`; -3 - Make a copy of the placeholder production vault to `railway-credentials`; +1. Create a `railway-credentials` folder in the same folder that you cloned `railway` to; +2. Make a copy of the placeholder development vault to `railway-credentials`; +3. Make a copy of the placeholder production vault to `railway-credentials`; With this done, you can now go through STEP 5 of the INSTALL.MD file to get your credentials inserted. @@ -22,14 +22,14 @@ ansible-playbook contribute_teardown.yml ``` This playbook will: -1 - Copy your current development vault to `railway-credentials`; -2 - Copy the placeholder development vault back to this project; -3 - Copy your current production vault to `railway-credentials`; -4 - Copy the placeholder production vault back to this project; -5 - Copy your current development key pair to `railway-credentials`; -6 - Clear the development key pair file; -7 - Copy your current development key pair to `railway-credentials`; -8 - Clear the development key pair file; +1. Copy your current development vault to `railway-credentials`; +2. Copy the placeholder development vault back to this project; +3. Copy your current production vault to `railway-credentials`; +4. Copy the placeholder production vault back to this project; +5. Copy your current development key pair to `railway-credentials`; +6. Clear the development key pair file; +7. Copy your current development key pair to `railway-credentials`; +8. Clear the development key pair file; Then also run the teardown playbook to AWS, so it removes every resource that costs money: ```shell diff --git a/docs/FIRST_RUN.MD b/docs/FIRST_RUN.MD index be3c788..b709335 100644 --- a/docs/FIRST_RUN.MD +++ b/docs/FIRST_RUN.MD 
@@ -80,7 +80,7 @@ If you open `ami.yml` this is what you will see: Once again, if you don't care how this will happen, skip to 2.6. If you are actually interested in everything that goes into building a custom AMI, read on. #### 2.1 Setup -Creates an EC2 instance using the base Ubuntu 20.04 LTS. +Creates an EC2 instance using the base Ubuntu 22.04 LTS. 1. Find the subnet for the development environment; 2. Find the security group for the development environment; 3. Provision an EC2 instance with the name `railway-ec2-development-ami` using the `development` key pair; diff --git a/docs/INSTALL.MD b/docs/INSTALL.MD index 85606e8..e4a2b02 100644 --- a/docs/INSTALL.MD +++ b/docs/INSTALL.MD @@ -4,7 +4,7 @@ Before we start, let's set some expectations: **this is not going to be easy**. This is why I'll suggest that you use the [railway-app](https://github.com/FestaLab/railway_app) for your first deploy to AWS. It's a small rails app that has just enough functionality to ensure all parts of the setup are working. This way you can be sure that any problems you run into are related to Ansible or AWS, not something in your app that you forgot to configure in your app. -Also, this is not going to be cheap and it most definitely won't fit the free tier. This project is supposed to handle the devops of production app that. If you bring up both development and production environments, we are talking about, at a minimum, 6 EC2, 3 RDS, 4 elasticache, 2 Load Balancer, plus Cloudwatch. +Also, this is not going to be cheap and it most definitely won't fit the free tier. This project is supposed to handle the devops of production app that. Finally, if you are only checking Railway out of curiosity and would prefer to not have to uninstall everything by hand later, I recommend using Vagrant. In fact, everything I've written in these guides, I tested in a Vagrant box using `ubuntu/focal64`. 
@@ -249,7 +249,7 @@ aws_backup_bucket: railway-rds-backups #### 5.6 Insert and protect your deploy key Now we are going to start using the vaults and Ansible's file encryption to secure our keys and credentials. -In the folder `roles -> ansible_credentials -> app_bootstrap -> files` you will find two folders named `development` and `production` with an empty file called `deploy_id_rsa` inside. +In the folder `roles -> app_bootstrap -> files` you will find two folders named `development` and `production` with an empty file called `deploy_id_rsa` inside. Copy the content of the **private** deploy key you created on step 3 to BOTH of them. I know this sounds weird but there is a reason for that: every time you execute an Ansible playbook, it will ask for the password of the vault. It will then also use that password to decrypt every encrypted file it encounters. Since we are going to use different passwords for development and production, we also need to have the deploy key encrypted with two different password. @@ -264,8 +264,8 @@ ansible-vault encrypt roles/app_bootstrap/files/production/deploy_id_rsa In the folder `roles -> aws_ec2_create -> files` you will find two empty `.pem` files. Replace them with the EC2 keys we created in step 3.2, and encrypt them. ```shell -ansible-vault encrypt roles/aws_ec2_create/files/ansible-ec2-development.pem -ansible-vault encrypt roles/aws_ec2_create/files/ansible-ec2-production.pem +ansible-vault encrypt roles/aws/ec2_create/files/ansible-ec2-development.pem +ansible-vault encrypt roles/aws/ec2_create/files/ansible-ec2-production.pem ``` #### 5.8 Insert and protect the credentials of the IAM users and the certificate ARN 
@@ -299,11 +299,11 @@ ansible-vault encrypt roles/app_bootstrap/files/production/master.key ``` #### 5.10 Get the ID of the base Ubuntu LTS ami in your region -Go to `EC2 -> Launch Instance` and find the option that says "Ubuntu Server 20.04 LTS (HVM), SSD Volume Type". Right next to it are two AMI ids, one for x86 and one for ARM. Grab the x86 one. Currently, in US-EAST-1, that's `ami-09e67e426f25ce0d7`. +Go to `EC2 -> Launch Instance` and find the option that says "Ubuntu Server 22.04 LTS (HVM), SSD Volume Type". Right next to it are two AMI ids, one for x86 and one for ARM. Grab the x86 one. Currently, in US-EAST-1, that's `ami-09e67e426f25ce0d7`. Next, go into the global vars file of this project, located in `group_vars -> all -> vars`, and update the `aws_ami_id` var. ```shell -aws_ami_id: ami-09e67e426f25ce0d7 +aws_ami_id: ami-08c40ec9ead489470 ``` ### STEP 6: Run the bootstrap playbooks diff --git a/docs/THE_PARTS_OF_RAILWAY.MD b/docs/THE_PARTS_OF_RAILWAY.MD index 08365ff..ffa79a5 100644 --- a/docs/THE_PARTS_OF_RAILWAY.MD +++ b/docs/THE_PARTS_OF_RAILWAY.MD 
@@ -99,7 +99,7 @@ What makes it confusing is that Heroku creates and destroys instances so frequen It is perfectly fine to keep your servers around: - Railway has a playbook that you can run once in a while to update your servers without taking your app offline; - Logs are handled by `systemd` which imposes a limit on how much disk space they can use; -- The EC2 instances you will use have 2x (`c5`) or 4x (`m5`) more memory than `standard-2x` dynos and `jemalloc` pre installed, which should eliminate any memory related problems (unless your app has some serious leak); +- The EC2 instances you will use have 2x (`c6i`) or 4x (`m6i`) more memory than `standard-2x` dynos and `jemalloc` pre installed, which should eliminate any memory related problems (unless your app has some serious leak); ## Load Balancer Any production grade app should be running on at least two web servers so that if one fails, the other can keep serving requests while you solve the problem. Or, something that is much more probable: so that when you restart puma in one server during a deploy, the other keeps serving requests. This means that if you want requests to be distributed between all servers you have running, you will need something between them and the rest of the world. That's where the load balancer comes in. diff --git a/docs/customization/ANSIBLE_AWS.MD b/docs/customization/ANSIBLE_AWS.MD index 4333b09..b188a92 100644 --- a/docs/customization/ANSIBLE_AWS.MD +++ b/docs/customization/ANSIBLE_AWS.MD @@ -14,7 +14,7 @@ aws_redis_port: 6379 aws_postgres_version: "13" aws_postgres_version_id: postgres13 aws_region: us-east-1 -aws_ami_id: ami-09e67e426f25ce0d7 +aws_ami_id: ami-08c40ec9ead489470 # Ruby ruby_version: 3.0.1 
@@ -40,7 +40,7 @@ The entries here should be self explanatory. They will tell Ansible which versio 1. The Ansible module for Elasticache does not support version 6 yet; 2. The AMI we create will come with the client for version 13 installed. If you change it here, you must change it there too; -3. I have only tested these playbooks on Ubuntu 20.04, so I'm not sure if they will work on another version. I'm 100% sure they will not work on another distro (like CentOS); +3. I have only tested these playbooks on Ubuntu 22.04, so I'm not sure if they will work on another version. I'm 100% sure they will not work on another distro (like CentOS); #### Ruby I've only tested the compilation of `3.0.1` in this project, but I have no reason to believe you would have any trouble with others. No matter the version you choose, Ansible will ensure its installed with `jemalloc`, which should greatly reduce your memory usage. diff --git a/group_vars/all/vars b/group_vars/all/vars index 1d75e37..2333ade 100644 --- a/group_vars/all/vars +++ b/group_vars/all/vars @@ -4,7 +4,7 @@ aws_postgres_version: "14" aws_postgres_version_id: postgres14 aws_region: us-east-1 -aws_ami_id: ami-0edc92075724775f7 +aws_ami_id: ami-08c40ec9ead489470 aws_backup_bucket: railway-rds-backups # Redis @@ -27,13 +27,14 @@ app_name: railway app_host: railway.festalab.com.br # Ansible stuff -config_vips_version: 8.13.0 -config_imagemagick_version: 7.1.0-45 -config_libjxl_version: 0.6.1 -config_libheif_version: 1.12.0 +config_vips_version: 8.13.3 +config_imagemagick_version: 7.1.0-50 +config_libjxl_version: main +config_libheif_version: 1.14.0 config_libspng_version: 0.7.2 -config_openjpeg_version: 2.4.0 -config_mozjpeg_version: 4.0.3 +config_openjpeg_version: 2.5.0 +config_mozjpeg_version: 4.1.1 config_node_version: 16 config_postgres_version: 14 config_postgres_repack_version: 1.4.7 +config_wkhtmltopdf_version: 0.12.6.1-2 
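Review bot: `config_libjxl_version: main` in group_vars/all/vars makes the libjxl build track a moving branch, so each AMI build can compile and install different, unreviewed upstream code, while the neighbouring libraries stay on numbered releases. The `Download libjxl` task in roles/ami/libjxl/tasks/main.yml fetches `jpeg-xl-{{ config_libjxl_version }}.tar.gz` with `unarchive`, and the hunks show no integrity check on the archive. Pin a release tag or a full commit id instead, e.g. `config_libjxl_version: <release-tag-or-commit-sha>`, and add a comment saying why a revision newer than 0.6.1 is needed.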
diff --git a/roles/ami/buildtools/tasks/main.yml b/roles/ami/buildtools/tasks/main.yml index ca42cad..a9ada7a 100644 --- a/roles/ami/buildtools/tasks/main.yml +++ b/roles/ami/buildtools/tasks/main.yml @@ -18,13 +18,12 @@ - default-jre - gcc - gnupg2 - - libaom0 + - libaom3 - libde265-0 - libsystemd-dev - libtool - lsb-release - make - - meson - nasm - pkg-config - shared-mime-info @@ -52,6 +51,7 @@ - libffi-dev - libfftw3-dev - libgif-dev + - libgirepository1.0-dev - libglib2.0-dev - libgsf-1-dev - libgsf-1-dev @@ -75,4 +75,5 @@ - libxml2-dev - libxslt1-dev - libyaml-dev + - libzstd-dev - zlib1g-dev diff --git a/roles/ami/ffmpeg/tasks/main.yml b/roles/ami/ffmpeg/tasks/main.yml index 82f84bf..149910b 100644 --- a/roles/ami/ffmpeg/tasks/main.yml +++ b/roles/ami/ffmpeg/tasks/main.yml @@ -16,7 +16,13 @@ remote_src: True - name: Move the binary - command: mv ~/ffmpeg-5.0.1-amd64-static/{{ item }} /usr/local/bin + command: mv ~/ffmpeg-5.1.1-amd64-static/{{ item }} /usr/local/bin with_items: - ffmpeg - ffprobe + +- name: Cleanup + file: + path: ~/ffmpeg-5.1.1-amd64-static + state: absent + diff --git a/roles/ami/libjxl/tasks/main.yml b/roles/ami/libjxl/tasks/main.yml index 37ed18e..ba74dd6 100644 --- a/roles/ami/libjxl/tasks/main.yml +++ b/roles/ami/libjxl/tasks/main.yml @@ -23,13 +23,13 @@ - name: Download libjxl unarchive: - src: https://gitlab.com/wg1/jpeg-xl/-/archive/v{{ config_libjxl_version }}/jpeg-xl-v{{ config_libjxl_version }}.tar.gz + src: https://gitlab.com/wg1/jpeg-xl/-/archive/{{ config_libjxl_version }}/jpeg-xl-{{ config_libjxl_version }}.tar.gz dest: ~/ remote_src: True - name: Create build folder file: - path: ~/jpeg-xl-v{{ config_libjxl_version }}/build + path: ~/jpeg-xl-{{ config_libjxl_version }}/build state: directory owner: app mode: 0755 
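Review bot: The directory name `ffmpeg-5.1.1-amd64-static` is now hard-coded in both `Move the binary` and the new `Cleanup` task of roles/ami/ffmpeg/tasks/main.yml, so every bump has to be made in two places. If the download above the hunk still uses a floating release archive (the deleted role fetched `ffmpeg-release-amd64-static.tar.xz`), the extracted directory stops matching as soon as upstream publishes a new build and the `mv` fails. Put the version in a variable, e.g. `config_ffmpeg_version` next to the other `config_*_version` entries, and use `~/ffmpeg-{{ config_ffmpeg_version }}-amd64-static` in both tasks. The unarchive task itself starts outside the hunk.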
@@ -37,12 +37,12 @@ - name: Run bash script to download dependencies command: ./deps.sh args: - chdir: ~/jpeg-xl-v{{ config_libjxl_version }} + chdir: ~/jpeg-xl-{{ config_libjxl_version }} - name: Compile libjxl command: "{{ item }}" args: - chdir: ~/jpeg-xl-v{{ config_libjxl_version }}/build + chdir: ~/jpeg-xl-{{ config_libjxl_version }}/build with_items: - "cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=OFF .." - "cmake --build . -- -j{{ ansible_processor_vcpus }}" @@ -71,7 +71,7 @@ - name: Cleanup file: - path: ~/jpeg-xl-v{{ config_libjxl_version }} + path: ~/jpeg-xl-{{ config_libjxl_version }} state: absent owner: app mode: 0755 diff --git a/roles/ami/libspng/tasks/main.yml b/roles/ami/libspng/tasks/main.yml index 60b4ba7..0d62a21 100644 --- a/roles/ami/libspng/tasks/main.yml +++ b/roles/ami/libspng/tasks/main.yml @@ -11,7 +11,7 @@ args: chdir: ~/libspng-{{ config_libspng_version }} with_items: - - meson build + - meson build --buildtype=release - name: Compile libspng command: "{{ item }}" @@ -19,6 +19,7 @@ chdir: ~/libspng-{{ config_libspng_version }}/build with_items: - ninja + - ninja test - ninja install - name: Cleanup diff --git a/roles/ami/libvips/tasks/main.yml b/roles/ami/libvips/tasks/main.yml index 1ac0cea..dbe4b8d 100644 --- a/roles/ami/libvips/tasks/main.yml +++ b/roles/ami/libvips/tasks/main.yml @@ -6,14 +6,21 @@ dest: ~/ remote_src: True -- name: Compile vips +- name: Create vips build command: "{{ item }}" args: chdir: ~/vips-{{ config_vips_version }} with_items: - - ./configure - - make - - make install + - meson setup build --buildtype=release + +- name: Compile vips + command: "{{ item }}" + args: + chdir: ~/vips-{{ config_vips_version }}/build + with_items: + - ninja + - ninja test + - ninja install - name: Cleanup file: diff --git a/roles/ami/log/tasks/main.yml b/roles/ami/log/tasks/main.yml new file mode 100644 index 0000000..302b633 --- /dev/null +++ b/roles/ami/log/tasks/main.yml 
@@ -0,0 +1,41 @@ +--- + +# Use the command below to debug errors +# logrotate /etc/logrotate.d/rsyslog --debug + +# Global logrotate +- lineinfile: + dest: "/etc/logrotate.conf" + state: present + regexp: "weekly" + line: "daily" + +- lineinfile: + dest: "/etc/logrotate.conf" + state: present + regexp: "rotate 4" + line: "rotate 2" + + # Syslog logrotate +- lineinfile: + dest: "/etc/logrotate.d/rsyslog" + state: present + regexp: "weekly" + line: " daily" + +- lineinfile: + dest: "/etc/logrotate.d/rsyslog" + state: present + regexp: "rotate 4" + line: " rotate 2" + +- lineinfile: + dest: "/etc/logrotate.d/rsyslog" + state: absent + regexp: "su root admin" + +- lineinfile: + dest: "/etc/logrotate.d/rsyslog" + state: present + regexp: "{" + line: "{\n su root adm" diff --git a/roles/ami/openjpeg/tasks/main.yml b/roles/ami/openjpeg/tasks/main.yml index 2ad1bdb..f08f859 100644 --- a/roles/ami/openjpeg/tasks/main.yml +++ b/roles/ami/openjpeg/tasks/main.yml @@ -20,7 +20,7 @@ with_items: - "cmake .. -DCMAKE_BUILD_TYPE=Release" - make - - make install + - "make install" - name: Cleanup file: diff --git a/roles/ami/pdf/tasks/main.yml b/roles/ami/pdf/tasks/main.yml index 6e7994b..384f20e 100644 --- a/roles/ami/pdf/tasks/main.yml +++ b/roles/ami/pdf/tasks/main.yml @@ -1,5 +1,19 @@ --- +- name: Download wkhtmltopdf + get_url: + url: https://github.com/wkhtmltopdf/packaging/releases/download/{{ config_wkhtmltopdf_version }}/wkhtmltox_{{ config_wkhtmltopdf_version }}.jammy_amd64.deb + dest: ~/wkhtmltox_{{ config_wkhtmltopdf_version }}.jammy_amd64.deb + +- name: Install wkhtmltopdf + apt: + deb: ~/wkhtmltox_{{ config_wkhtmltopdf_version }}.jammy_amd64.deb + +- name: Cleanup + file: + path: ~/wkhtmltox_{{ config_wkhtmltopdf_version }}.jammy_amd64.deb + state: absent + - name: Install PDF libs apt: name: "{{ packages }}" @@ -20,5 +34,4 @@ update_cache: False vars: packages: - - wkhtmltopdf - poppler-utils 
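Review bot: The tasks in roles/ami/log/tasks/main.yml cut the global and rsyslog rotation from weekly/`rotate 4` to daily/`rotate 2`, which leaves about two days of local logs on every instance built from the AMI. That is short for incident investigation unless the logs are shipped elsewhere (for example by the aws/cloudwatch role, not visible here), so the retention choice deserves a comment. The `regexp` values are unanchored (`"weekly"`, `"rotate 4"`, `"{"`) and can also match comment lines or other blocks; anchoring them, e.g. `regexp: '^\s*weekly'`, makes the edit predictable. The last task replaces the `{` line with `"{\n su root adm"` and will match again on a re-run, so it looks non-idempotent. Each task should also carry a `name:`.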
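Review bot: `Download wkhtmltopdf` in roles/ami/pdf/tasks/main.yml fetches a `.deb` from a GitHub release and the next task installs it with `apt: deb:` without verifying it, so whatever is served at that URL ends up installed on the image. `get_url` accepts a `checksum` option; add `checksum: "sha256:<sha256-of-the-pinned-deb>"` and keep the value next to `config_wkhtmltopdf_version` so both are bumped together. The `jammy_amd64` suffix ties the task to Ubuntu 22.04 on x86_64, which is worth a short comment.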
diff --git a/roles/ami/python/tasks/main.yml b/roles/ami/python/tasks/main.yml index e0fb3f5..2d55dcb 100644 --- a/roles/ami/python/tasks/main.yml +++ b/roles/ami/python/tasks/main.yml @@ -13,3 +13,5 @@ - boto3 - botocore - psycopg2-binary + - ninja + - meson==0.61 diff --git a/roles/aws_ami_create/tasks/main.yml b/roles/ami/snapshot/tasks/main.yml similarity index 100% rename from roles/aws_ami_create/tasks/main.yml rename to roles/ami/snapshot/tasks/main.yml diff --git a/roles/aws_cloudwatch/files/common-config.toml b/roles/aws/cloudwatch/files/common-config.toml similarity index 100% rename from roles/aws_cloudwatch/files/common-config.toml rename to roles/aws/cloudwatch/files/common-config.toml diff --git a/roles/aws_cloudwatch/tasks/main.yml b/roles/aws/cloudwatch/tasks/main.yml similarity index 100% rename from roles/aws_cloudwatch/tasks/main.yml rename to roles/aws/cloudwatch/tasks/main.yml diff --git a/roles/aws_cloudwatch/templates/config.j2 b/roles/aws/cloudwatch/templates/config.j2 similarity index 100% rename from roles/aws_cloudwatch/templates/config.j2 rename to roles/aws/cloudwatch/templates/config.j2 diff --git a/roles/aws_cloudwatch/templates/credentials.j2 b/roles/aws/cloudwatch/templates/credentials.j2 similarity index 100% rename from roles/aws_cloudwatch/templates/credentials.j2 rename to roles/aws/cloudwatch/templates/credentials.j2 diff --git a/roles/aws_ec2_create/files/ansible-ec2-development.pem b/roles/aws/ec2_create/files/ansible-ec2-development.pem similarity index 57% rename from roles/aws_ec2_create/files/ansible-ec2-development.pem rename to roles/aws/ec2_create/files/ansible-ec2-development.pem index c984aea..2162e08 100644 --- a/roles/aws_ec2_create/files/ansible-ec2-development.pem +++ b/roles/aws/ec2_create/files/ansible-ec2-development.pem 
@@ -1 +1 @@ -Replace this file with your development EC2 key pair and encrypt it with "ansible-vault encrypt roles/aws_ec2_create/files/ansible-ec2-development.pem" \ No newline at end of file +Replace this file with your development EC2 key pair and encrypt it with "ansible-vault encrypt roles/aws/ec2_create/files/ansible-ec2-development.pem" \ No newline at end of file diff --git a/roles/aws_ec2_create/files/ansible-ec2-production.pem b/roles/aws/ec2_create/files/ansible-ec2-production.pem similarity index 57% rename from roles/aws_ec2_create/files/ansible-ec2-production.pem rename to roles/aws/ec2_create/files/ansible-ec2-production.pem index e8d6ef1..1a6129f 100644 --- a/roles/aws_ec2_create/files/ansible-ec2-production.pem +++ b/roles/aws/ec2_create/files/ansible-ec2-production.pem @@ -1 +1 @@ -Replace this file with your production EC2 key pair and encrypt it with "ansible-vault encrypt roles/aws_ec2_create/files/ansible-ec2-production.pem" \ No newline at end of file +Replace this file with your production EC2 key pair and encrypt it with "ansible-vault encrypt roles/aws/ec2_create/files/ansible-ec2-production.pem" \ No newline at end of file diff --git a/roles/aws_ec2_create/tasks/main.yml b/roles/aws/ec2_create/tasks/main.yml similarity index 97% rename from roles/aws_ec2_create/tasks/main.yml rename to roles/aws/ec2_create/tasks/main.yml index b6575c7..11a915d 100644 --- a/roles/aws_ec2_create/tasks/main.yml +++ b/roles/aws/ec2_create/tasks/main.yml @@ -17,7 +17,7 @@ - name: Provisioning {{ param_exact_count }} {{ param_instance_type }} instance(s) tagged as {{ app_name }}-ec2-{{ ansible_environment }}-{{ param_name }} amazon.aws.ec2: assign_public_ip: yes - key_name: "ansible-ec2-development" + key_name: "ansible-ec2-{{ ansible_environment }}" instance_type: "{{ param_instance_type }}" image: "{{ param_ami_id }}" instance_profile_name: "{{ app_name }}-iam-ec2-role" 
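Review bot: In roles/aws/ec2_create/tasks/main.yml, `key_name: "ansible-ec2-{{ ansible_environment }}"` now derives the key pair from a variable, but nothing in the hunk checks that the value has a matching key pair. The only key files visible in this commit are the development and production ones, so any other value would presumably fail late inside the EC2 call or bind the instance to an unexpected key. An assert task ahead of the provisioning task makes the allowed set explicit and fails before any AWS call. The provisioning task continues past the end of the hunk, and the allowed values below are inferred from the two `.pem` file names, so confirm them against the inventory.

```yaml
- name: Check that a key pair exists for this environment
  assert:
    that:
      - ansible_environment in ['development', 'production']
    fail_msg: "No EC2 key pair is defined for environment '{{ ansible_environment }}'"

# … unchanged: "Provisioning …" task using key_name: "ansible-ec2-{{ ansible_environment }}" …
```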
diff --git a/roles/aws_ec2_destroy/tasks/main.yml b/roles/aws/ec2_destroy/tasks/main.yml similarity index 100% rename from roles/aws_ec2_destroy/tasks/main.yml rename to roles/aws/ec2_destroy/tasks/main.yml diff --git a/setup_control_ec2.yml b/setup_control_ec2.yml index c8c8494..3e50b0d 100644 --- a/setup_control_ec2.yml +++ b/setup_control_ec2.yml @@ -14,7 +14,7 @@ ami: "{{ register_ami_info.images | sort(attribute='creation_date', reverse = True) | first }}" roles: - - role: aws_ec2_create + - role: aws/ec2_create param_name: "control" param_instance_type: "{{ infra_ec2_control_instance_type }}" param_ami_id: "{{ ami.image_id }}" diff --git a/setup_web_ec2.yml b/setup_web_ec2.yml index 859d21a..584d95e 100644 --- a/setup_web_ec2.yml +++ b/setup_web_ec2.yml @@ -14,7 +14,7 @@ ami: "{{ register_ami_info.images | sort(attribute='creation_date', reverse = True) | first }}" roles: - - role: aws_ec2_create + - role: aws/ec2_create param_name: "webserver" param_instance_type: "{{ infra_ec2_web_instance_type }}" param_ami_id: "{{ ami.image_id }}" diff --git a/setup_worker_ec2.yml b/setup_worker_ec2.yml index 2414f82..4b061f9 100644 --- a/setup_worker_ec2.yml +++ b/setup_worker_ec2.yml @@ -14,7 +14,7 @@ ami: "{{ register_ami_info.images | sort(attribute='creation_date', reverse = True) | first }}" roles: - - role: aws_ec2_create + - role: aws/ec2_create param_name: "worker" param_instance_type: "{{ infra_ec2_worker_instance_type }}" param_ami_id: "{{ ami.image_id }}" diff --git a/teardown_aws.yml b/teardown_aws.yml index 944d8af..ca02046 100644 --- a/teardown_aws.yml +++ b/teardown_aws.yml @@ -28,7 +28,7 @@ param_name: "job" tags: aws_elasticache_destroy - - role: aws_ec2_destroy + - role: aws/ec2_destroy param_instance_id: "{{ ec2_instances }}" tags: aws_elasticache_destroy