First draft - deploy with ansible

Dockerfile-deploy

@@ -0,0 +1,7 @@
+FROM ubuntu:20.04
+
+RUN apt-get update
+RUN apt-get install -y ansible vim
+
+WORKDIR /srv/source
+ADD . /srv/source

ansible/ansible.cfg

@@ -0,0 +1,8 @@
+[defaults]
+inventory = ./inventories/test
+host_key_checking = False
+roles_path = ./.roles
+vault_password_file = ~/.cambiatus_ansible_pass
+callback_enabled = profile_tasks
+[ssh_connection]
+pipelining = True

ansible/deploy.yml

@@ -0,0 +1,18 @@
+---
+- hosts: eventsource
+  name: Setup ntp and configure basic security
+  become: yes
+  roles:
+    - geerlingguy.ntp
+
+- hosts: 127.0.0.1
+  become: no
+  name: Build app
+  roles:
+    - build
+
+- hosts: eventsource
+  become: yes
+  name: Install event-source app
+  roles:
+    - eventsource

ansible/inventories/production/hosts

@@ -0,0 +1,7 @@
+[eventsource]
+54.242.115.39 private_ip=172.31.44.52
+
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
+ansible_ssh_user=ubuntu
+ansible_ssh_private_key_file=~/.ssh/new-cambiatus-prod.pem

ansible/inventories/staging/group_vars/all

@@ -0,0 +1,31 @@
+$ANSIBLE_VAULT;1.1;AES256
+61623531626362613538613234643561656231643731306161663662326335363133643235396162
+3731303765666137663431386637336564353237623330320a613831623633626435653138343832
+64326665646637383631333864373936373964323561326533626235313762373630663633353739
+3963333465363836320a333265643432313463313730363264386565356163366165663264313733
+34383664656436346265303235356161653938666632386262393833336264336537646234353432
+32616665343734363837373833346533313031383266666537643731346664633532383838323633
+63333936623438376165346366303339646662303833353735656261626235316334373534383462
+38346132383435626339373331633435336532363036313965626237333964376361393339393061
+34643566353036616665363935663336303833373531623034346533353664646239326134366462
+66393562636432343163616166336133386461373535623831636164663430303733653739643963
+37616362316638373936616163656366653939613338386239316464653338393764643333646664
+64383461303834666635663563303136303538343266396134623664323335626536623430373263
+38373937323034366338376262363763323664343032373336353066313538343038666366626165
+64326635346565336266393035303533316537613831303830343138653965353537393132343139
+30303031303936623932323837636332326330363766643231356663663936336335353762306530
+33383637393733616361623837343531386636633861626662343138623539653630613430663865
+38663164363764383363633565623637393565613562623964303864356461306636626363323164
+63326561656666616138363266333034636561323338653362376436393237393666376530633131
+66346237656663653130326136633664623034306434623730353366386139633934326439663933
+31613965373836386130336334636331393063666664626539356564633161393862653363643235
+31346137303239653132313466386639613466326431613635316432613734326534656165343666
+32343436396465626363613334343261313731643365396666663635306262396530336333303038
+62353530333263663561636131336530623336653563623963623531623763663839356639366331
+34663534373463353332303561306337653164306430393562336166663834346633313231653730
+37363433343363323663383964633339646661323361366564633531306432323231623763353233
+37316434383964333034383962616561396364336162663034663834323465656535626331303131
+64336135626334393632316335353363653534346633623138376334306338643065323933306639
+66306333613761333938326137633033636534643961663063393531353836623164363937356333
+36373936636130626335313835336438633131623338323262393530383731353262326662336664
+3134353838663934353062613066383666306331646237633032

ansible/inventories/staging/hosts

@@ -0,0 +1,7 @@
+[eventsource]
+54.242.115.39 private_ip=172.31.44.52
+
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
+ansible_ssh_user=ubuntu
+ansible_ssh_private_key_file=~/.ssh/new-cambiatus-prod.pem

ansible/requirements.yml

@@ -0,0 +1,7 @@
+---
+- src: geerlingguy.ntp
+  version: 2.3.0
+
+- src: geerlingguy.security
+  version: 2.0.1
+

ansible/roles/build/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+- name: Install GPG
+  apt:
+    name: gpg
+    state: present
+- name: "Add nodejs apt key"
+  apt_key:
+    url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
+    state: present
+- name: "Add nodejs 16.x ppa for apt repo"
+  apt_repository:
+    repo: deb https://deb.nodesource.com/node_16.x focal main
+    update_cache: yes
+- name: Ensure apt-transport-https is installed
+  apt:
+    name: apt-transport-https
+
+- name: Add Yarn apt key
+  apt_key:
+    url: https://dl.yarnpkg.com/debian/pubkey.gpg
+
+- name: Add Yarn repository
+  apt_repository:
+    repo: "deb https://dl.yarnpkg.com/debian/ stable main"
+    filename: yarn
+- name: Install dependencies
+  apt:
+    pkg: "{{ packages }}"
+    state: present
+    # install_recommends: no
+    update_cache: yes
+  vars:
+    packages:
+      - libpq-dev
+      - make
+      - g++
+      - nodejs
+      - yarn
+      - rsync
+      - vim
+- name: Install app dependencies
+  yarn:
+    path: /srv/source/
+  environment:
+    NODE_ENV: prod
+    LC_ALL: en_US.UTF-8
+    LANG: en_US.UTF-8
+    LANGUAGE: en_US.UTF-8

ansible/roles/eventsource/tasks/main.yml

@@ -0,0 +1,84 @@
+---
+- name: "Add nodejs apt key"
+  apt_key:
+    url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
+    state: present
+
+- name: "Add nodejs 16.x ppa for apt repo"
+  apt_repository:
+    repo: 'deb https://deb.nodesource.com/node_{{ node_version }}.x focal main'
+    update_cache: yes
+
+- name: Ensure apt-transport-https is installed
+  apt:
+    name: apt-transport-https
+
+- name: Add Yarn apt key
+  apt_key:
+    url: https://dl.yarnpkg.com/debian/pubkey.gpg
+
+- name: Add Yarn repository
+  apt_repository:
+    repo: "deb https://dl.yarnpkg.com/debian/ stable main"
+    filename: yarn
+
+- name: Install dependencies
+  apt:
+    pkg: "{{ packages }}"
+    state: present
+    install_recommends: no
+    update_cache: yes
+  vars:
+    packages:
+      - libpq5
+      - nodejs
+      - yarn
+      - rsync
+      - vim
+
+- name: Move source to server
+  synchronize:
+    src: ../../
+    recursive: yes
+    dest: /srv/event-source
+
+- name: Add eventsource group
+  group:
+    name: '{{ cambiatus_app_group }}'
+    gid: '{{ cambiatus_app_gid }}'
+    state: present
+
+- name: Add eventsource user
+  user:
+    name: '{{ cambiatus_app_user }}'
+    group: '{{ cambiatus_app_group }}'
+    system: yes
+    home: '{{ cambiatus_home_dir }}'
+    uid: '{{ cambiatus_app_uid }}'
+    state: present
+
+- name: Push env vars
+  template:
+    src: default.j2
+    dest: '/etc/default/{{ cambiatus_app_name }}'
+    owner: '{{ cambiatus_app_user }}'
+    mode: '600'
+
+- name: Create eventsource systemd service file
+  template:
+    src: service.j2
+    dest: '/lib/systemd/system/{{ cambiatus_app_name }}.service'
+
+- name: change owner
+  file:
+    path: '{{ cambiatus_home_dir }}'
+    owner: '{{ cambiatus_app_user }}'
+    group: '{{ cambiatus_app_group }}'
+    recurse: yes
+
+- name: Enable and start systemd unit
+  systemd:
+    name: event-source
+    state: started
+    enabled: yes
+    daemon_reload: yes

ansible/roles/eventsource/templates/default.j2

@@ -0,0 +1,10 @@
+NODE_ENV={{ node_env }}
+BLOCKCHAIN_INIT_BLOCK={{ blockchain_init_block }}
+BLOCKCHAIN_TOKEN_CONTRACT={{ blockchain_token_contract }}
+BLOCKCHAIN_COMMUNITY_CONTRACT={{ blockchain_community_contract }}
+BLOCKCHAIN_URL={{ blockchain_url }}
+DB_USER={{ db_user }}
+DB_PASS={{ db_pass }}
+DB_HOST={{ db_host }}
+DB_NAME={{ db_name }}
+EVENT_SOURCE_HTTP_PORT={{ event_source_http_port }}

ansible/roles/eventsource/templates/service.j2

@@ -0,0 +1,23 @@
+[Unit]
+Description=Cambiatus Event Source
+After=network.target
+
+[Service]
+Type=simple
+TimeoutSec=120
+RestartSec=5
+Restart=on-failure
+User={{ cambiatus_app_user }}
+Group={{ cambiatus_app_group }}
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier={{ cambiatus_app_name }}
+
+Environment=HOME={{ cambiatus_home_dir }}
+EnvironmentFile=/etc/default/{{ cambiatus_app_name }}
+WorkingDirectory={{ cambiatus_home_dir }}
+
+ExecStart=/usr/bin/yarn start
+
+[Install]
+WantedBy=multi-user.target

docker-compose.yml

@@ -0,0 +1,8 @@
+version: '3'
+services:
+  web:
+    build:
+      context: .
+      dockerfile: Dockerfile-deploy
+    volumes:
+      - .:/srv/source