71 changes: 42 additions & 29 deletions server-provision.yml
Expand Up @@ -5,10 +5,6 @@
vars_files:
- vars/vars.yml

pre_tasks:
- name: Update apt cache if needed.
apt: update_cache=yes cache_valid_time=3600

handlers:
- name: restart sshd
service:
Expand All @@ -19,7 +15,7 @@
- name: Create the user for deployment purpose
user:
name: "{{ deploy_user }}"
password: "{{ deploy_user_password | password_hash('sha512') }}"
password: "{{ deploy_user_password | password_hash('sha512', deploy_user_salt ) }}"
groups:
- sudo
state: present
Expand All @@ -38,14 +34,15 @@
notify:
- restart sshd

- name: Get software for apt repository management.
- name: Get base software for apt repository management.
apt:
state: present
name:
- python3-apt
- python3-pycurl
- apt-transport-https
- gnupg2
update_cache: yes

- name: Add chris lea repository for redis
apt_repository: repo='ppa:chris-lea/redis-server' update_cache=yes
Expand Down Expand Up @@ -77,6 +74,8 @@
owner: root
mode: 0644
state: touch
modification_time: preserve
access_time: preserve

- name: Ensure Debian package is in sources list for Yarn
lineinfile:
Expand All @@ -85,10 +84,6 @@
line: 'deb http://dl.yarnpkg.com/debian/ stable main'
state: present

- name: Update apt cache
apt:
update_cache: yes

- name: Install dependencies for compiling Ruby along with Node.js and Yarn
apt:
state: present
Expand All @@ -115,6 +110,9 @@
- redis-tools
- nodejs
- yarn
update_cache: yes
register: apt_output
changed_when: "not '0 upgraded, 0 newly installed, 0 to remove' in apt_output.stdout"
Owner

@cupnoodle cupnoodle Dec 12, 2020


I tried running this script a second time on a provisioned server; this part fails because the apt_output dictionary doesn't contain this message.

Screenshot 2020-12-12 at 5 30 15 PM

This is how the apt_output variable looks like when I use debug module to show its output

Screenshot 2020-12-12 at 5 39 54 PM

Author


Hmmm... I thought I had that bit working reliably on both first install and subsequent runs but I thought I got rid of the text search of stdout.

I did keep getting myself mixed up in git trying to keep these changes separate from my own changes separate from let's encrypt changes. Based on your result perhaps the changed_when: isn't necessary?

Owner


Ah I see, I tried running the apt part on a provisioned server, Ansible seems smart enough to not run the apt installation step again, and got a "OK" instead of "changed". I think it should be safe to remove the changed_when here

Author


Cool... do you want me to make those changes?

Also, a referral code for Digital Ocean would be good! I think I've had an account there in the past but it was ages ago and I never used it so no harm trying again.


- name: Log in as deploy user and setup ruby, passenger and nginx
hosts: web
Expand All @@ -127,7 +125,9 @@

handlers:
- name: restart nginx
service: name=nginx state=restarted
service:
name: nginx
state: reloaded

- name: restart postgresql
service:
Expand Down Expand Up @@ -166,40 +166,51 @@
- name: Clone rbenv vars
git: repo=git://github.com/rbenv/rbenv-vars.git dest=~{{ deploy_user }}/.rbenv/plugins/rbenv-vars

- name: source bashrc
shell: . /home/{{ deploy_user }}/.bashrc

- name: check ruby {{ ruby_version }} is installed for system
shell: "/home/{{ deploy_user }}/.rbenv/bin/rbenv versions | grep {{ruby_version}}"
shell: "/home/{{ deploy_user | quote }}/.rbenv/bin/rbenv versions | grep {{ ruby_version | quote }}"
register: ruby_installed
failed_when: ruby_installed.rc == 2
changed_when: false
ignore_errors: yes
check_mode: no

- name: rbenv install ruby
command: "/home/{{ deploy_user }}/.rbenv/bin/rbenv install --verbose {{ruby_version}}"
command: "/home/{{ deploy_user }}/.rbenv/bin/rbenv install --verbose {{ ruby_version }}"
when:
- ruby_installed.rc != 0
async: 3600
poll: 10

- name: check if current system ruby version is {{ ruby_version }}
shell: "/home/{{ deploy_user }}/.rbenv/bin/rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ ruby_version }}'"
shell: "/home/{{ deploy_user | quote }}/.rbenv/bin/rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ ruby_version | quote }}'"
register: current_ruby_selected
failed_when: ruby_installed.rc == 2
changed_when: false
ignore_errors: yes
check_mode: no

- name: rbenv set global ruby version and rehash
command: "/home/{{ deploy_user }}/.rbenv/bin/rbenv global {{ruby_version}} && rbenv rehash"
when:
- current_ruby_selected.rc != 0

- name: 'install bundler v1'
- name: Check if Bundler v1.17.3 is installed
command: "/home/{{ deploy_user }}/.rbenv/shims/gem list -i -e -v '1.17.3' bundler"
register: bundlerv1_installed
changed_when: False
failed_when: bundlerv1_installed.stderr | length > 0

- name: "Install bundler v1.17.3 if required (currently installed: {{ bundlerv1_installed.stdout }})"
command: "/home/{{ deploy_user }}/.rbenv/shims/gem install bundler -v 1.17.3"
when: bundlerv1_installed.stdout == "false"

- name: 'install bundler v2'
- name: Check if Bundler v2 is installed
command: "/home/{{ deploy_user }}/.rbenv/shims/gem list -i -e -v '~> 2.0' bundler"
register: bundlerv2_installed
changed_when: False
failed_when: bundlerv2_installed.stderr | length > 0

- name: "Install bundler v2 if required (currently installed: {{ bundlerv2_installed.stdout }})"
command: "/home/{{ deploy_user }}/.rbenv/shims/gem install bundler"
when: bundlerv2_installed.stdout == "false"

- name: Add Passenger apt key.
apt_key:
Expand Down Expand Up @@ -231,6 +242,8 @@
src: /usr/share/nginx/modules-available/mod-http-passenger.load
dest: /etc/nginx/modules-enabled/50-mod-http-passenger.conf
state: link
notify:
- restart nginx

- name: Ask Passenger to use the Rbenv ruby
lineinfile:
Expand All @@ -245,22 +258,20 @@
template:
src: templates/nginx_app.conf.j2
dest: /etc/nginx/sites-enabled/{{ app_name }}
register: nginx_conf # not necessary but without this I get intermittent issues with the task reporting it changed
become: true
become_user: root
notify:
- restart nginx

- name: Ensure default virtual host is removed.
file:
path: /etc/nginx/sites-enabled/default
state: absent
become: true
become_user: root

- name: Restart nginx service
service:
name: nginx
state: restarted
become: true
become_user: root
notify:
- restart nginx

- name: Let deploy user restart passenger without sudo
template:
Expand Down Expand Up @@ -334,4 +345,6 @@
dest: "/home/{{ deploy_user }}/.config/systemd/user/sidekiq.service"

- name: enable linger for user service
command: "loginctl enable-linger {{ deploy_user }}"
command:
cmd: "loginctl enable-linger {{ deploy_user }}"
creates: "/var/lib/systemd/linger/{{ deploy_user }}"
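Review bot: In the "check if current system ruby version" task (hunk `@@ -166,40 +166,51 @@`), `{{ ruby_version | quote }}` sits inside an existing pair of literal single quotes, so whenever the filter actually has to quote the value the shell receives `''value''` and the value ends up unquoted, which is the opposite of what the change intends. Drop the literal quotes and let the filter do the quoting: `... | cut -d ' ' -f 1 | grep -Fx {{ ruby_version | quote }}`. The same task's `failed_when: ruby_installed.rc == 2` tests the register of the earlier "check ruby is installed" task; it presumably should be `failed_when: current_ruby_selected.rc == 2`, though the rendered page does not show whether that line is new in this commit. Separately, as a point of style, the `restart nginx` handler now uses `state: reloaded`, so its name no longer matches what it does.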
1 change: 1 addition & 0 deletions vars/vars.yml
Expand Up @@ -7,6 +7,7 @@ app_name: 'cool'

deploy_user: 'deploy'
deploy_user_password: 'correcthorsebatterystapler'
deploy_user_salt: '78d8b6ff622c9fa4'

# The path to your local public key file (ie. your current computer)
deploy_user_public_key_local_path: '~/.ssh/id_rsa.pub'
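Review bot: `deploy_user_salt` is committed as a fixed literal directly beside the plaintext `deploy_user_password`, so every server provisioned from an unmodified copy of this file ends up with the same password hash for the deploy user. A fixed salt is what makes the `user` task idempotent, but it should be unique per deployment rather than shared through the repository. I would add a comment above it such as `# Sample value only: generate your own salt (and password) before provisioning`, and consider keeping both values in an Ansible Vault-encrypted vars file instead of plain `vars/vars.yml`.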