Update deployment for alts-scheduler (#183)

anfimovdm · web-flow · commit 61a73d900e74 · 2025-11-07T13:31:05.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -146,3 +146,7 @@ deployment/*vars*.yaml
 
 # Ignore venvs of all kind
 *venv
+
+# Ignore Ansible dependencies
+deployment/roles/geerlingguy.redis
+deployment/roles/geerlingguy.docker
diff --git a/deployment/group_vars/scheduler b/deployment/group_vars/scheduler
@@ -1,7 +1,11 @@
 ---
 
-test_system_user: test-system
-test_system_vhost: test_system
+# Firewall management (set to false for cloud instances using security groups)
+manage_firewall: false
+
+broker_type: rabbitmq
+test_system_user: albs
+test_system_vhost: alts
 test_system_password: some-another-secret-password
 test_system_config_dir: ~/.config/alts
 
@@ -12,14 +16,28 @@ rabbitmq_ssl_port: 5671
 celery_ssl: true
 celery_ssl_src_certificate: "files/celery/client_certificate.pem"
 celery_ssl_src_key: "files/celery/client_key.pem"
-celery_src_cacert: "files/ca_certificate.pem"
+celery_src_cacert: "files/celery/ca_certificate.pem"
 celery_ssl_dir: "{{ test_system_config_dir }}/ssl"
 celery_ssl_certificate: "{{ celery_ssl_dir }}/{{ celery_ssl_src_certificate | basename }}"
 celery_ssl_key: "{{ celery_ssl_dir }}/{{ celery_ssl_src_key | basename }}"
 celery_cacert: "{{ celery_ssl_dir }}/{{ celery_src_cacert | basename }}"
 
-result_backend_name: local
-celery_result_folder: /srv/celery_results
+# Redis configuration for result backend (geerlingguy.redis role variables)
+redis_bind_interface: 0.0.0.0
+redis_port: 6379
+# redis_requirepass: ""  # Uncomment and set if you need password authentication
+# redis_maxmemory: 512mb
+# redis_maxmemory_policy: allkeys-lru
+
+# Celery result backend configuration
+result_backend_name: redis
+alts_redis_host: localhost
+alts_redis_port: 6379
+alts_redis_results_db: 1
+
+# Legacy local result backend (not used with Redis)
+# result_backend_name: local
+# celery_result_folder: /srv/celery_results
 
 celery_pid_file_dir: /var/run/celery
 celery_pid_file: "{{ celery_pid_file_dir }}/worker.pid"
@@ -30,3 +48,6 @@ celery_queues:
 
 scheduler_working_directory: /srv/alts/scheduler
 jwt_secret: very-secret-on5
+broker_pool: 30
+worker_prefetch_multiplier: 1
+result_expires: 3600
diff --git a/deployment/requirements.yml b/deployment/requirements.yml
@@ -1,3 +1,4 @@
 ---
 roles:
   - name: geerlingguy.docker
+  - name: geerlingguy.redis
diff --git a/deployment/roles/scheduler/tasks/main.yml b/deployment/roles/scheduler/tasks/main.yml
@@ -50,9 +50,9 @@
         mode: 0600
         backup: "yes"
       with_items:
-        - { src: "{{ celery_src_cacert }}", dest: "{{ celery_cacert }}" }
-        - { src: "{{ celery_ssl_src_key }}", dest: "{{ celery_ssl_key }}" }
-        - { src: "{{ celery_ssl_src_certificate }}", dest: "{{ celery_ssl_certificate }}" }
+        - {src: "{{ celery_src_cacert }}", dest: "{{ celery_cacert }}"}
+        - {src: "{{ celery_ssl_src_key }}", dest: "{{ celery_ssl_key }}"}
+        - {src: "{{ celery_ssl_src_certificate }}", dest: "{{ celery_ssl_certificate }}"}
       when: celery_ssl
 
     - name: Create scheduler config
@@ -69,6 +69,18 @@
     state: directory
   when: scheduler_working_directory is defined and scheduler_working_directory
 
+- name: Install firewalld
+  yum:
+    name: ["firewalld", "python3-firewall"]
+    state: present
+  when: manage_firewall | default(true) | bool
+
+- name: Ensure firewalld is running
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+  when: manage_firewall | default(true) | bool
 
 - name: Enable HTTP/HTTPS services on firewall
   firewalld:
@@ -79,6 +91,7 @@
   with_items:
     - http
     - https
+  when: manage_firewall | default(true) | bool
 
 - name: Add scheduler port to firewall
   firewalld:
@@ -87,6 +100,7 @@
     state: enabled
     permanent: yes
     immediate: yes
+  when: manage_firewall | default(true) | bool
 
 - name: Create scheduler Systemd service file
   template:
diff --git a/deployment/scheduler_playbook.yml b/deployment/scheduler_playbook.yml
@@ -4,4 +4,5 @@
   hosts: scheduler
   roles:
     - base
+    - geerlingguy.redis
     - scheduler
diff --git a/deployment/templates/service_config.yaml.j2 b/deployment/templates/service_config.yaml.j2
@@ -15,7 +15,7 @@ broker_config:
   use_ssl: true
   rabbitmq_ssl_port: {{ rabbitmq_ssl_port }}
 {% endif %}
-  rabbitmq_user: {{ test_system_user }}
+  rabbitmq_user: {{ celery_rabbitmq_user or test_system_user }}
   rabbitmq_password: {{ test_system_password }}
   rabbitmq_vhost: {{ test_system_vhost }}
 {% elif broker_type == 'redis' and alts_redis_host and alts_redis_port %}
@@ -31,7 +31,7 @@ broker_pool: {{ broker_pool }}
 results_backend_config:
 {% if result_backend_name == 'local' and celery_result_folder %}
   path: file://{{ celery_result_folder }}
-{% elif result_backend_name == 'azure' and azure_connection_str and azureblockblob_container_name %}
+{% elif result_backend_name == 'azure' and azure_connection_str is defined and azureblockblob_container_name is defined %}
   azureblockblob_container_name: {{ azureblockblob_container_name }}
   azureblockblob_base_path: 'celery_results/'
   azure_connection_string: {{ azure_connection_str }}
@@ -97,7 +97,9 @@ opennebula_config:
   network: "{{ opennebula_network }}"
 {% endif %}
 {% endif %}
+{% if tests_exec_timeout is defined %}
 tests_exec_timeout: {{ tests_exec_timeout }}
+{% endif %}
 {% if centos_baseurl is defined %}
 centos_baseurl: "{{ centos_baseurl }}"
 {% endif %}

-Original file line number
+Diff line change
@@ @@ -1,3 +1,4 @@ @@
 ---
 roles:
   - name: geerlingguy.docker
 +  - name: geerlingguy.redis