|
2 | 2 |
|
3 | 3 | - name: Install packages for python pip3 n virtualenv |
4 | 4 | package: |
5 | | - name: "{{ item }}" |
6 | | - state: present |
| 5 | + name: "{{ item }}" |
| 6 | + state: present |
7 | 7 | loop: |
8 | | - - python3-pip |
9 | | - - python3-virtualenv |
10 | | - - python3-docker |
| 8 | + - python3-pip |
| 9 | + - python3-virtualenv |
| 10 | + - python3-docker |
11 | 11 | become: true |
12 | 12 |
|
13 | 13 | - name: read dbadmin pwd from secrets file |
14 | 14 | slurp: |
15 | | - src: "{{ dbadmin_password_file }}" |
| 15 | + src: "{{ dbadmin_password_file }}" |
16 | 16 | register: api_user_password |
17 | 17 | become: true |
18 | 18 |
|
19 | 19 | - name: decode dbadmin pwd |
20 | 20 | set_fact: |
21 | | - api_user_password: "{{ api_user_password['content'] | b64decode | trim }}" |
| 21 | + api_user_password: "{{ api_user_password['content'] | b64decode | trim }}" |
22 | 22 |
|
23 | 23 | - name: read jwt public key from file as JWT secret |
24 | 24 | slurp: |
25 | | - src: "{{ jwt_public_key_file }}" |
| 25 | + src: "{{ jwt_public_key_file }}" |
26 | 26 | register: api_hasura_jwt_secret_dict |
27 | 27 | become: true |
28 | 28 |
|
29 | 29 | - name: decode key |
30 | 30 | set_fact: |
31 | | - api_hasura_jwt_secret: "{{ api_hasura_jwt_secret_dict['content'] | b64decode }}" |
| 31 | + api_hasura_jwt_secret: "{{ api_hasura_jwt_secret_dict['content'] | b64decode }}" |
32 | 32 |
|
33 | 33 | - name: make sure {{ fworch_secrets_dir }} exists |
34 | 34 | file: |
35 | | - path: "{{ fworch_secrets_dir }}" |
36 | | - state: directory |
37 | | - mode: "0750" |
38 | | - owner: "{{ fworch_user }}" |
39 | | - group: "{{ postgres_group }}" |
| 35 | + path: "{{ fworch_secrets_dir }}" |
| 36 | + state: directory |
| 37 | + mode: "0750" |
| 38 | + owner: "{{ fworch_user }}" |
| 39 | + group: "{{ postgres_group }}" |
40 | 40 | become: true |
41 | 41 |
|
42 | 42 | - name: set static hasura admin pwd for test purposes only |
43 | 43 | set_fact: |
44 | | - api_hasura_admin_secret: "{{ api_hasura_admin_test_password }}" |
| 44 | + api_hasura_admin_secret: "{{ api_hasura_admin_test_password }}" |
45 | 45 | when: testkeys is defined and testkeys|bool |
46 | 46 |
|
47 | 47 | - name: set random hasura admin password |
48 | 48 | set_fact: |
49 | | - api_hasura_admin_secret: "{{ randomly_generated_pwd }}" |
| 49 | + api_hasura_admin_secret: "{{ randomly_generated_pwd }}" |
50 | 50 | when: testkeys is not defined or not testkeys|bool |
51 | 51 |
|
52 | 52 | - name: write hasura admin password to secrets directory |
53 | 53 | copy: |
54 | | - content: "{{ api_hasura_admin_secret }}\n" |
55 | | - dest: "{{ fworch_secrets_dir }}/hasura_admin_pwd" |
56 | | - mode: '0600' |
57 | | - owner: "{{ fworch_user }}" |
58 | | - group: "{{ fworch_group }}" |
| 54 | + content: "{{ api_hasura_admin_secret }}\n" |
| 55 | + dest: "{{ fworch_secrets_dir }}/hasura_admin_pwd" |
| 56 | + mode: "0600" |
| 57 | + owner: "{{ fworch_user }}" |
| 58 | + group: "{{ fworch_group }}" |
59 | 59 | become: true |
60 | 60 |
|
61 | 61 | - name: check for existing hasura cli file |
62 | 62 | stat: |
63 | | - path: "{{ api_hasura_cli_bin }}" |
| 63 | + path: "{{ api_hasura_cli_bin }}" |
64 | 64 | register: api_cli_check |
65 | 65 |
|
66 | 66 | # only download new version of api cli, when not restoring from backup: |
67 | 67 | - name: download {{ api_hasura_version }} hasura cli binary |
68 | 68 | get_url: |
69 | | - url: "https://github.com/hasura/graphql-engine/releases/download/{{ api_hasura_version }}/cli-hasura-linux-amd64" |
70 | | - dest: "{{ api_hasura_cli_bin }}" |
71 | | - force: true |
72 | | - mode: "0755" |
73 | | - owner: "{{ fworch_user }}" |
74 | | - group: "{{ fworch_group }}" |
| 69 | + url: "https://github.com/hasura/graphql-engine/releases/download/{{ api_hasura_version }}/cli-hasura-linux-amd64" |
| 70 | + dest: "{{ api_hasura_cli_bin }}" |
| 71 | + force: true |
| 72 | + mode: "0755" |
| 73 | + owner: "{{ fworch_user }}" |
| 74 | + group: "{{ fworch_group }}" |
75 | 75 | environment: "{{ proxy_env }}" |
76 | 76 | become: true |
77 | | - when: not api_cli_check.stat.exists |
| 77 | + when: not api_cli_check.stat.exists |
78 | 78 |
|
79 | 79 | - name: initialize hasura cli directory |
80 | 80 | command: "{{ api_hasura_cli_bin }} init {{ product_name }} --skip-update-check --endpoint http://{{ api_local_listening_ip_address }}:{{ api_port }} --admin-secret {{ api_hasura_admin_secret }}" |
81 | | - args: |
82 | | - chdir: "{{ api_home }}" |
| 81 | + args: |
| 82 | + chdir: "{{ api_home }}" |
83 | 83 | become: true |
84 | 84 | become_user: "{{ fworch_user }}" |
85 | 85 | environment: "{{ proxy_env }}" |
86 | 86 | when: not api_cli_check.stat.exists |
87 | 87 |
|
88 | 88 | - name: set hasura env variable |
89 | 89 | set_fact: |
90 | | - hasura_env: |
91 | | - HASURA_GRAPHQL_DATABASE_URL: "postgres://{{ api_user }}:{{ api_user_password }}@{{ fworch_db_host }}:{{ fworch_db_port }}/{{ fworch_db_name }}" |
92 | | - HASURA_GRAPHQL_ENABLE_CONSOLE: "true" |
93 | | - HASURA_GRAPHQL_ENABLE_TELEMETRY: "false" |
94 | | - HASURA_GRAPHQL_ADMIN_SECRET: "{{ api_hasura_admin_secret }}" |
95 | | - HASURA_GRAPHQL_SERVER_HOST: "127.0.0.1" |
96 | | - HASURA_GRAPHQL_SERVER_PORT: "8080" |
97 | | - HASURA_GRAPHQL_LOG_LEVEL: "{{ api_log_level }}" |
98 | | - HASURA_GRAPHQL_ENABLED_LOG_TYPES: '{{ api_HASURA_GRAPHQL_ENABLED_LOG_TYPES }}' |
99 | | - HASURA_GRAPHQL_CONSOLE_ASSETS_DIR: "/srv/console-assets" |
100 | | - HASURA_GRAPHQL_V1_BOOLEAN_NULL_COLLAPSE: "true" |
101 | | - HASURA_GRAPHQL_CORS_DOMAIN: "*" |
102 | | - HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS: "{{ api_HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS }}" |
103 | | - HASURA_GRAPHQL_JWT_SECRET: ' |
104 | | - { |
105 | | - "type": "{{ api_hasura_jwt_alg|quote }}", |
106 | | - "key": "{{ api_hasura_jwt_secret | regex_replace(''\n'', ''\\n'') }}", |
107 | | - "claims_namespace_path": "$" |
108 | | - } |
109 | | - ' |
110 | | - HTTP_PROXY: "{{ http_proxy }}" |
111 | | - HTTPS_PROXY: "{{ https_proxy }}" |
112 | | - http_proxy: "{{ http_proxy }}" |
113 | | - https_proxy: "{{ https_proxy }}" |
114 | | - no_proxy: "{{ no_proxy }}" |
115 | | - NO_PROXY: "{{ no_proxy }}" |
| 90 | + hasura_env: |
| 91 | + HASURA_GRAPHQL_DATABASE_URL: "postgres://{{ api_user }}:{{ api_user_password }}@{{ fworch_db_host }}:{{ fworch_db_port }}/{{ fworch_db_name }}" |
| 92 | + HASURA_GRAPHQL_ENABLE_CONSOLE: "true" |
| 93 | + HASURA_GRAPHQL_ENABLE_TELEMETRY: "false" |
| 94 | + HASURA_GRAPHQL_ADMIN_SECRET: "{{ api_hasura_admin_secret }}" |
| 95 | + HASURA_GRAPHQL_SERVER_HOST: "127.0.0.1" |
| 96 | + HASURA_GRAPHQL_SERVER_PORT: "8080" |
| 97 | + HASURA_GRAPHQL_LOG_LEVEL: "{{ api_log_level }}" |
| 98 | + HASURA_GRAPHQL_ENABLED_LOG_TYPES: "{{ api_HASURA_GRAPHQL_ENABLED_LOG_TYPES }}" |
| 99 | + HASURA_GRAPHQL_CONSOLE_ASSETS_DIR: "/srv/console-assets" |
| 100 | + HASURA_GRAPHQL_V1_BOOLEAN_NULL_COLLAPSE: "true" |
| 101 | + HASURA_GRAPHQL_CORS_DOMAIN: "*" |
| 102 | + HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS: "{{ api_HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS }}" |
| 103 | + HASURA_GRAPHQL_JWT_SECRET: ' |
| 104 | + { |
| 105 | + "type": "{{ api_hasura_jwt_alg|quote }}", |
| 106 | + "key": "{{ api_hasura_jwt_secret | regex_replace(''\n'', ''\\n'') }}", |
| 107 | + "claims_namespace_path": "$" |
| 108 | + } |
| 109 | + ' |
| 110 | + HTTP_PROXY: "{{ http_proxy }}" |
| 111 | + HTTPS_PROXY: "{{ https_proxy }}" |
| 112 | + http_proxy: "{{ http_proxy }}" |
| 113 | + https_proxy: "{{ https_proxy }}" |
| 114 | + no_proxy: "{{ no_proxy }}" |
| 115 | + NO_PROXY: "{{ no_proxy }}" |
116 | 116 |
|
117 | 117 | - name: show hasura env for debugging |
118 | 118 | debug: |
119 | | - var: |
120 | | - hasura_env |
| 119 | + var: hasura_env |
121 | 120 | when: debug_level > '1' |
122 | 121 |
|
123 | 122 | - name: start hasura container |
124 | 123 | docker_container: |
125 | | - name: "{{ api_container_name }}" |
126 | | - image: hasura/graphql-engine:{{ api_hasura_version }} |
127 | | - state: started |
128 | | - network_mode: host |
129 | | - networks_cli_compatible: true |
130 | | - log_driver: syslog |
131 | | - log_options: |
132 | | - syslog-address: "{{ syslog_proto }}://{{ syslog_host }}:{{ syslog_port }}" |
133 | | - syslog-facility: daemon |
134 | | - tag: "{{ api_container_name }}" |
135 | | - recreate: true |
136 | | - exposed_ports: |
137 | | - - "{{ api_port }}:{{ api_port }}" |
138 | | - env: |
139 | | - "{{ hasura_env }}" |
140 | | - container_default_behavior: no_defaults |
141 | | - user: "1001:1001" # hasura user and group id |
| 124 | + name: "{{ api_container_name }}" |
| 125 | + image: hasura/graphql-engine:{{ api_hasura_version }} |
| 126 | + state: started |
| 127 | + network_mode: host |
| 128 | + networks_cli_compatible: true |
| 129 | + log_driver: syslog |
| 130 | + log_options: |
| 131 | + syslog-address: "{{ syslog_proto }}://{{ syslog_host }}:{{ syslog_port }}" |
| 132 | + syslog-facility: daemon |
| 133 | + tag: "{{ api_container_name }}" |
| 134 | + recreate: true |
| 135 | + env: "{{ hasura_env }}" |
| 136 | + container_default_behavior: no_defaults |
| 137 | + user: "1001:1001" # hasura user and group id |
| 138 | + pull: no |
142 | 139 | register: docker_return |
143 | 140 | become: true |
144 | 141 | become_user: "{{ fworch_user }}" |
145 | 142 | environment: "{{ proxy_env }}" |
146 | 143 |
|
147 | 144 | - name: show docker result |
148 | 145 | debug: |
149 | | - var: |
150 | | - docker_return |
| 146 | + var: docker_return |
151 | 147 | when: debug_level > '1' |
152 | 148 |
|
153 | 149 | - name: Get info on container |
154 | 150 | docker_container_info: |
155 | | - name: "{{ api_container_name }}" |
| 151 | + name: "{{ api_container_name }}" |
156 | 152 | register: result |
157 | 153 | become: true |
158 | 154 | become_user: "{{ fworch_user }}" |
159 | 155 |
|
160 | 156 | - name: Print the status of the container in case of problems only |
161 | | - fail: |
162 | | - msg: "The container status is: {{ result }}" |
| 157 | + fail: |
| 158 | + msg: "The container status is: {{ result }}" |
163 | 159 | when: result.exists and result.container['State']['Status'] == 'exited' |
164 | 160 |
|
165 | 161 | - name: copy hasura systemd service script |
166 | 162 | template: |
167 | | - src: "{{ api_service_name }}.service.j2" |
168 | | - dest: "/lib/systemd/system/{{ api_service_name }}.service" |
169 | | - backup: true |
170 | | - mode: "0644" |
171 | | - owner: "root" |
| 163 | + src: "{{ api_service_name }}.service.j2" |
| 164 | + dest: "/lib/systemd/system/{{ api_service_name }}.service" |
| 165 | + backup: true |
| 166 | + mode: "0644" |
| 167 | + owner: "root" |
172 | 168 | become: true |
173 | 169 |
|
174 | 170 | - name: make hasura docker container run at host startup |
175 | 171 | systemd: |
176 | | - name: "{{ api_service_name }}" |
177 | | - daemon_reload: true |
178 | | - enabled: true |
| 172 | + name: "{{ api_service_name }}" |
| 173 | + daemon_reload: true |
| 174 | + enabled: true |
179 | 175 | become: true |
180 | 176 |
|
181 | | -- name: wait for hasura port to become available |
| 177 | +- name: wait for hasura port to become available |
182 | 178 | wait_for: |
183 | | - port: "{{ api_port }}" |
184 | | - host: "{{ api_local_listening_ip_address }}" |
185 | | - connect_timeout: 1 |
186 | | - delay: 10 |
187 | | - timeout: 25 |
| 179 | + port: "{{ api_port }}" |
| 180 | + host: "{{ api_local_listening_ip_address }}" |
| 181 | + connect_timeout: 1 |
| 182 | + delay: 10 |
| 183 | + timeout: 25 |
188 | 184 |
|
189 | 185 | - name: check for existing api dir from restore |
190 | 186 | stat: |
191 | | - path: "{{ api_home }}/{{ product_name }}" |
| 187 | + path: "{{ api_home }}/{{ product_name }}" |
192 | 188 | register: api_metadata_check |
193 | 189 |
|
194 | 190 | - name: import API metadata via metadata API directly from local file |
195 | | - uri: |
196 | | - url: "http://{{ api_local_listening_ip_address }}:{{ api_port }}/v1/metadata" |
197 | | - method: POST |
198 | | - return_content: true |
199 | | - body_format: json |
200 | | - headers: |
201 | | - Content-Type: application/json |
202 | | - x-hasura-admin-secret: "{{ api_hasura_admin_secret }}" |
203 | | - x-hasura-role: "admin" |
204 | | - body: "{{ lookup('file','replace_metadata.json') | from_json }}" |
| 191 | + uri: |
| 192 | + url: "http://{{ api_local_listening_ip_address }}:{{ api_port }}/v1/metadata" |
| 193 | + method: POST |
| 194 | + return_content: true |
| 195 | + body_format: json |
| 196 | + headers: |
| 197 | + Content-Type: application/json |
| 198 | + x-hasura-admin-secret: "{{ api_hasura_admin_secret }}" |
| 199 | + x-hasura-role: "admin" |
| 200 | + body: "{{ lookup('file','replace_metadata.json') | from_json }}" |
205 | 201 | when: not api_rollback_is_running | bool |
206 | 202 | # do not install latest metadata in case of rollback |
207 | 203 | environment: |
208 | | - http_proxy: "" |
209 | | - https_proxy: "" |
210 | | - # do not use http proxy for metadata import |
| 204 | + http_proxy: "" |
| 205 | + https_proxy: "" |
| 206 | + # do not use http proxy for metadata import |
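Review bot: Secrets reach task output in several places on the new side: `show hasura env for debugging` dumps `hasura_env`, which carries `HASURA_GRAPHQL_ADMIN_SECRET` and the database password inside `HASURA_GRAPHQL_DATABASE_URL`, and `initialize hasura cli directory` passes `--admin-secret {{ api_hasura_admin_secret }}` as a command argument, so it is recorded with the task invocation and visible in the host's process list while the command runs. None of the tasks that read, set or send these values (the two `slurp`/`set_fact` pairs, the `copy` with `content:`, the `command`, and the `uri` call with `x-hasura-admin-secret`) sets `no_log: true`; I would add that line to each of them and either drop the `hasura_env` debug task or print only its non-secret keys. `show docker result` probably leaks the same values, since the registered container facts normally include the container's environment. Separately, the `get_url` task installs a binary that the next task executes, with no `checksum:` set, so pinning a digest per `api_hasura_version` would be worth adding.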