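---
# Deploys the Kernos MCP shell server: creates the service account and group,
# unpacks a release tarball from the controller, builds a virtualenv, installs
# the .env and systemd unit, then probes the local HTTP endpoints.
#
# Variables read by this play and defined outside it: kernos_group,
# kernos_user, keeper_user, kernos_directory, kernos_rel, kernos_port.
- name: Deploy Kernos MCP Shell Server
  hosts: kernos
  vars:
    # With become_user set to an unprivileged account, Ansible hands module
    # temp files over by chgrp-ing them to this group. That is why
    # keeper_user is added to the group below.
    ansible_common_remote_group: "{{ kernos_group }}"
    # NOTE(review): this looks like the ansible.cfg key name; the matching
    # variable is ansible_shell_allow_world_readable_temp, so as a play var
    # this is probably inert. Confirm and drop it. Do not enable the
    # world-readable fallback: module payloads would become readable by every
    # local user, and the group hand-over above already covers become_user.
    allow_world_readable_tmpfiles: true

  tasks:
    - name: Create Kernos group
      become: true
      ansible.builtin.group:
        name: "{{ kernos_group }}"
        state: present

    - name: Create kernos user
      become: true
      ansible.builtin.user:
        name: "{{ kernos_user }}"
        group: "{{ kernos_group }}"
        home: "/home/{{ kernos_user }}"
        shell: /bin/bash
        system: false
        create_home: true

    # Membership gives keeper_user group-level access to everything owned by
    # kernos_group below, including the rendered .env file.
    - name: Add keeper_user to kernos group
      become: true
      ansible.builtin.user:
        name: "{{ keeper_user }}"
        groups: "{{ kernos_group }}"
        append: true

    - name: Reset connection to pick up new group membership
      ansible.builtin.meta: reset_connection

    - name: Create required directories
      become: true
      ansible.builtin.file:
        path: "{{ kernos_directory }}"
        owner: "{{ kernos_user }}"
        group: "{{ kernos_group }}"
        state: directory
        mode: '0750'

    - name: Ensure tar is installed for unarchive task
      become: true
      ansible.builtin.apt:
        name:
          - tar
        state: present
        update_cache: true

    - name: Ensure Python, Python Dev, Venv module is installed
      become: true
      ansible.builtin.apt:
        name:
          - python3
          - python3-venv
          - python3-dev
        state: present
        update_cache: true

    # NOTE(review): the tarball is taken from the controller's ~/rel as-is;
    # nothing in this play checks its digest or signature, so integrity must
    # be established before it lands there.
    # NOTE(review): the tree is owned by the service account, so mode 0550
    # does not stop that account from chmod-ing its own code writable. Owning
    # the code as root with group read for kernos_group would make it
    # read-only to the service in practice.
    - name: Transfer and unarchive git archive
      become: true
      ansible.builtin.unarchive:
        src: "~/rel/kernos_{{ kernos_rel }}.tar"
        dest: "{{ kernos_directory }}"
        owner: "{{ kernos_user }}"
        group: "{{ kernos_group }}"
        mode: '0550'
      notify: restart kernos

    # The original carried `when: ansible_facts['file'] is defined or true`,
    # which is always true; the task runs unconditionally, so the clause is
    # dropped.
    - name: Ensure venv directory ownership is correct
      become: true
      ansible.builtin.file:
        path: "{{ kernos_directory }}/.venv"
        owner: "{{ kernos_user }}"
        group: "{{ kernos_group }}"
        state: directory
        recurse: true

    # `creates` makes this a no-op once the venv exists.
    - name: Create virtual environment for Kernos
      become: true
      become_user: "{{ kernos_user }}"
      ansible.builtin.command:
        cmd: "python3 -m venv {{ kernos_directory }}/.venv/"
        creates: "{{ kernos_directory }}/.venv/bin/activate"

    # NOTE(review): `latest` re-resolves against the package index on every
    # run; pin a version if deploys need to be reproducible.
    - name: Install wheel in virtual environment
      become: true
      become_user: "{{ kernos_user }}"
      ansible.builtin.pip:
        name:
          - wheel
        state: latest
        virtualenv: "{{ kernos_directory }}/.venv"

    # Installs the unpacked project (".") and whatever its pyproject.toml
    # resolves to at deploy time.
    - name: Install pyproject.toml dependencies in virtualenv
      become: true
      become_user: "{{ kernos_user }}"
      ansible.builtin.pip:
        chdir: "{{ kernos_directory }}"
        name: "."
        virtualenv: "{{ kernos_directory }}/.venv"
        virtualenv_command: python3 -m venv
      notify: restart kernos

    # NOTE(review): if .env.j2 renders secrets, --diff output and verbose logs
    # will show them; consider `diff: false` / `no_log: true` on this task.
    - name: Template Kernos .env configuration
      become: true
      ansible.builtin.template:
        src: .env.j2
        dest: "{{ kernos_directory }}/.env"
        owner: "{{ kernos_user }}"
        group: "{{ kernos_group }}"
        mode: '0640'
      notify: restart kernos

    - name: Template systemd service file
      become: true
      ansible.builtin.template:
        src: kernos.service.j2
        dest: /etc/systemd/system/kernos.service
        owner: root
        group: root
        mode: '0644'
      notify: restart kernos

    - name: Enable and start kernos service
      become: true
      ansible.builtin.systemd:
        name: kernos
        enabled: true
        state: started
        daemon_reload: true

    - name: Flush handlers to restart service before validation
      ansible.builtin.meta: flush_handlers

    # Post-deploy probes run on the target against localhost. Each one retries
    # up to 5 times, 5 seconds apart, until it gets HTTP 200.
    - name: Validate Kernos liveness endpoint
      ansible.builtin.uri:
        url: "http://localhost:{{ kernos_port }}/live"
        status_code: 200
        return_content: true
      register: live_check
      retries: 5
      delay: 5
      until: live_check.status == 200

    - name: Validate Kernos readiness endpoint
      ansible.builtin.uri:
        url: "http://localhost:{{ kernos_port }}/ready"
        status_code: 200
        return_content: true
      register: ready_check
      retries: 5
      delay: 5
      until: ready_check.status == 200

    - name: Validate Kernos health endpoint
      ansible.builtin.uri:
        url: "http://localhost:{{ kernos_port }}/health"
        status_code: 200
        return_content: true
      register: health_check
      retries: 5
      delay: 5
      until: health_check.status == 200

    - name: Validate Kernos /metrics endpoint
      ansible.builtin.uri:
        url: "http://localhost:{{ kernos_port }}/metrics"
        status_code: 200
        return_content: false
      register: metrics_check
      retries: 5
      delay: 5
      until: metrics_check.status == 200

  handlers:
    # Notified by the unarchive, pip install, .env and unit-file tasks.
    - name: restart kernos
      become: true
      ansible.builtin.systemd:
        name: kernos
        state: restarted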