[Feature] Bare Metal Ansible Setup

• I have summed up the feature in concise words in the Summary section.
• I have completely described the feature in the Description section.

Summary

We should maintain a script that can be used to deploy the aurweb tree to a bare metal system. We're currently doing this through Docker, but, aur.archlinux.org does not use Docker nor should we require Docker for ease-of-use.

Description

Our process, roughly:

• Pacman dependency installation (this may want to be omitted when used through ansible).
• Poetry project installation
• Translation compilation
• Setup AUR git repository if it does not yet exist
  • Also, setup a hooks/update wrapper which calls aurweb-git-update via poetry run.
• Update config.defaults
  • We should require that the deploy target has a valid $AUR_CONFIG, which should probably be defaulted to /etc/aurweb/config.
• Configure sshd, update aurweb-git-auth wrapper
• Restart sshd.service
• Restart redis.service
• Restart mariadb.service and create user 'aur'@'localhost' with the right DB if it doesn't exist.
• Create aurweb.service which launches aurweb asgi via aurweb.spawn or gunicorn.
  • See docker/scripts/run-fastapi.sh
• Produce nginx config to be used with deployment
  • Restart nginx.service

The aur.archlinux.org ansible playbook is located at https://gitlab.archlinux.org/archlinux/infrastructure/-/blob/master/playbooks/aur.archlinux.org.yml and we should produce merge requests to update it as needed.

changed milestone to %Python/FastAPI

added feature python todo labels

changed the description

changed the description

assigned to @kevr

changed the description

changed the description

script

Is there a reason all of this can't be done with Ansible too?

Is there a reason all of this can't be done with Ansible too?

It can. The reason I wanted to set this up primarily in bash scripts is so that we would maintain a consistent deployment system regardless of ansible being usable or not.

Primarily: attempting to nail two birds with one stone here; this script (or set of scripts) should be easily pluggable into ansible to achieve desired deployment on aur.archlinux.org. This way, we could use it through ansible, but users could also use them without ansible on their own.

So, for example, the ansible configuration for aur.archlinux.org does a few things like installing dependencies, setting up other services, but, to deploy up-to-date code, we still need a way to go through the process of checking out and pulling whatever specified branch, then updating things like the translation files (via compilation), merge into any changes to conf/config.defaults, and anything else like this.

In addition, it would be nice if we could automate setting up some stuff like the git repository if it does not yet exist.

Note: We should probably lock the user that actually hosts fastapi to the aur user, so we can blanket deal with ownership through aur.

Alright, so, dev-ops wants this done simplify in infra without any sort of submoduling; their implementation for aur.archlinux.org's ansible playbook is already quite close to what we need. We'll be just working on that.

I'd like to produce a pure deploy script post-port, but for now, let's not spend the time.

changed the description

assigned to @fluix

unassigned @fluix

changed title from [Feature] Bare Metal Deployment Script to [Feature] Bare Metal Ansible Setup

changed the description

closed