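---
# Deploys the Arke proxy server: service account, release tarball, Python
# virtualenv, Memcached, .env and systemd unit, then checks the HTTP endpoints.
#
# Variables read by this play (defined outside this file): arke_group,
# arke_user, arke_directory, arke_rel, arke_port, keeper_user.
- name: Deploy Arke Proxy Server
  hosts: arke
  vars:
    # Lets Ansible hand its temp files to the unprivileged become_user through
    # a shared group instead of widening their permissions.
    ansible_common_remote_group: "{{ arke_group }}"
    # NOTE(review): `allow_world_readable_tmpfiles` is the ansible.cfg key name;
    # the variable Ansible reads is `ansible_shell_allow_world_readable_temp`,
    # so as a play var this line likely has no effect. With `acl` installed
    # below and the common remote group set above, the world-readable fallback
    # should not be needed; leave it off, because it lets other local users
    # read module files (and the arguments embedded in them).
    allow_world_readable_tmpfiles: true

  tasks:
    - name: Create Arke group
      become: true
      ansible.builtin.group:
        name: "{{ arke_group }}"
        state: present

    # NOTE(review): a login shell is not obviously required for a service
    # account; confirm whether /usr/sbin/nologin would do.
    - name: Create arke user
      become: true
      ansible.builtin.user:
        name: "{{ arke_user }}"
        group: "{{ arke_group }}"
        home: "{{ arke_directory }}"
        shell: /bin/bash
        system: true
        create_home: false

    # Membership in arke_group grants keeper_user group access to everything
    # below that is owned by arke_group, including the 0640 .env file.
    - name: Add keeper_user to arke group
      become: true
      ansible.builtin.user:
        name: "{{ keeper_user }}"
        groups: "{{ arke_group }}"
        append: true

    - name: Create required directories
      become: true
      ansible.builtin.file:
        path: "{{ arke_directory }}"
        owner: "{{ arke_user }}"
        group: "{{ arke_group }}"
        state: directory
        mode: '0750'

    - name: Ensure tar is installed for unarchive task
      become: true
      ansible.builtin.apt:
        name:
          - tar
        state: present
        update_cache: true

    # `acl` is what allows become_user tasks to run without world-readable
    # temp files; it must be present before the first become_user task.
    - name: Ensure Python, Python Dev, Venv module is installed
      become: true
      ansible.builtin.apt:
        name:
          - python3
          - python3-venv
          - python3-dev
          - acl
        state: present
        update_cache: true

    # The tarball is read from the control node and extracted read-only
    # (0550) for the service user and group.
    # NOTE(review): nothing here verifies the archive's integrity; confirm the
    # release process checks a digest or signature before this play runs.
    - name: Transfer and unarchive git archive
      become: true
      ansible.builtin.unarchive:
        src: "~/rel/arke_{{ arke_rel }}.tar"
        dest: "{{ arke_directory }}"
        owner: "{{ arke_user }}"
        group: "{{ arke_group }}"
        mode: '0550'
      notify: restart arke

    # The only path under the release tree that this play makes writable.
    - name: Ensure media directories are writable
      become: true
      ansible.builtin.file:
        path: "{{ arke_directory }}/media/generated_images"
        owner: "{{ arke_user }}"
        group: "{{ arke_group }}"
        state: directory
        mode: '0750'

    # `creates` makes the command idempotent: it is skipped once the venv exists.
    - name: Create virtual environment for Arke
      become: true
      become_user: "{{ arke_user }}"
      ansible.builtin.command:
        cmd: "python3 -m venv {{ arke_directory }}/.venv/"
        creates: "{{ arke_directory }}/.venv/bin/activate"

    # NOTE(review): `state: latest` pulls whatever version the package index
    # serves at deploy time; pin a version if reproducible deploys matter.
    - name: Install wheel in virtual environment
      become: true
      become_user: "{{ arke_user }}"
      ansible.builtin.pip:
        name:
          - wheel
        state: latest
        virtualenv: "{{ arke_directory }}/.venv"

    # Installs the project in arke_directory together with its dependencies.
    # NOTE(review): dependency versions are resolved at deploy time unless the
    # project pins them; confirm against pyproject.toml.
    - name: Install pyproject.toml dependencies in virtualenv
      become: true
      become_user: "{{ arke_user }}"
      ansible.builtin.pip:
        chdir: "{{ arke_directory }}"
        name: .
        virtualenv: "{{ arke_directory }}/.venv"
        virtualenv_command: python3 -m venv

    # NOTE(review): this play does not manage Memcached's configuration, and
    # Memcached has no authentication by default; confirm the packaged config
    # listens on loopback only.
    - name: Install Memcached
      become: true
      ansible.builtin.apt:
        name: memcached
        state: present
        update_cache: true

    - name: Ensure Memcached is running
      become: true
      ansible.builtin.service:
        name: memcached
        state: started
        enabled: true

    # 0640 keeps the file from other users, but every member of arke_group
    # (keeper_user included) can read whatever the template renders into it.
    - name: Template Arke .env configuration
      become: true
      ansible.builtin.template:
        src: .env.j2
        dest: "{{ arke_directory }}/.env"
        owner: "{{ arke_user }}"
        group: "{{ arke_group }}"
        mode: '0640'
      notify: restart arke

    - name: Template systemd service file
      become: true
      ansible.builtin.template:
        src: arke.service.j2
        dest: /etc/systemd/system/arke.service
        owner: root
        group: root
        mode: '0644'
      notify: restart arke

    # daemon_reload picks up a changed unit file before the service is started.
    - name: Enable and start arke service
      become: true
      ansible.builtin.systemd:
        name: arke
        enabled: true
        state: started
        daemon_reload: true

    # The source address and target host below are labelled placeholders: the
    # original text had lost them, leaving an invalid ufw command and a target
    # with no host. The port now follows arke_port, matching the checks below.
    - name: Ensure Arke metrics endpoint is open to Prometheus (manual step if not using ufw)
      ansible.builtin.debug:
        msg: |
          Ensure the host's firewall allows inbound TCP on port {{ arke_port }} from sao.helu.ca for Prometheus scraping.
          If using ufw:
            sudo ufw allow from <prometheus-ip> to any port {{ arke_port }} proto tcp

    - name: Reminder - Update Prometheus scrape config on sao.helu.ca
      ansible.builtin.debug:
        msg: |
          Add the following job/target to your Prometheus configuration on sao.helu.ca:
            - job_name: 'arke'
              static_configs:
                - targets: ['<arke-host>:{{ arke_port }}']

    # Handlers normally run at the end of the play, which would restart the
    # service after the checks below had validated the old process. Flushing
    # here makes the checks exercise the newly deployed code and configuration.
    - name: Run pending restart before validation
      ansible.builtin.meta: flush_handlers

    # Retries cover the time the service needs to come up after a (re)start.
    - name: Validate Arke health endpoints
      ansible.builtin.uri:
        url: "http://localhost:{{ arke_port }}/health"
        status_code: 200
        return_content: true
      register: health_check
      retries: 5
      delay: 5
      until: health_check.status == 200

    - name: Validate Arke /metrics endpoint
      ansible.builtin.uri:
        url: "http://localhost:{{ arke_port }}/metrics"
        status_code: 200
        return_content: false
      register: metrics_check
      retries: 5
      delay: 5
      until: metrics_check.status == 200

  handlers:
    # Name must match the `notify: restart arke` entries above.
    - name: restart arke
      become: true
      ansible.builtin.systemd:
        name: arke
        state: restarted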