ouranos/ansible/arke/deploy.yml
Robert Helewka 042df52bca Refactor user management in Ansible playbooks to standardize on keeper_user
- Updated user addition tasks across multiple playbooks (mcp_switchboard, mcpo, neo4j, neo4j_mcp, openwebui, postgresql, rabbitmq, searxng, smtp4dev) to replace references to ansible_user and remote_user with keeper_user.
- Modified PostgreSQL deployment to create directories and manage files under keeper_user's home.
- Enhanced documentation to clarify account taxonomy and usage of keeper_user in playbooks.
- Introduced new deployment for Agent S, including environment setup, desktop environment installation, XRDP configuration, and accessibility support.
- Added staging playbook for preparing release tarballs from local repositories.
- Created templates for XRDP configuration and environment activation scripts.
- Removed obsolete sunwait documentation.
2026-03-05 10:37:41 +00:00


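---
# Deploys the Arke proxy server onto the hosts in the `arke` inventory group:
# creates a dedicated system user/group, unpacks a release tarball taken from
# the controller's ~/rel directory, builds a virtualenv and installs the
# project into it, installs Memcached, templates the .env file and systemd
# unit, and finally probes the /health and /metrics endpoints.
#
# Variables expected from inventory/group_vars (not defined here):
#   arke_group, arke_user, arke_directory, arke_rel, arke_port, keeper_user
- name: Deploy Arke Proxy Server
  hosts: arke
  vars:
    # Tasks that `become_user` the unprivileged arke_user need to hand their
    # temporary module files over to that account. With this set, Ansible can
    # chgrp the temp directory to arke_group instead of making it
    # world-readable; it only works if the connecting user (keeper_user) is a
    # member of that group, which the "Add keeper_user to arke group" task
    # and the connection reset after it take care of.
    ansible_common_remote_group: "{{arke_group}}"
    # Last-resort fallback used only when neither setfacl nor the common
    # remote group hand-off works. Kept for robustness; `acl` is installed
    # below so this path should rarely, if ever, be taken.
    allow_world_readable_tmpfiles: true

  tasks:
    - name: Create Arke group
      become: true
      ansible.builtin.group:
        name: "{{arke_group}}"
        state: present

    # create_home is false because the home directory is created explicitly
    # below with the ownership and mode the service needs.
    - name: Create arke user
      become: true
      ansible.builtin.user:
        name: "{{arke_user}}"
        group: "{{arke_group}}"
        home: "{{arke_directory}}"
        shell: /bin/bash
        system: true
        create_home: false

    # Supplementary membership (append) so keeper_user keeps its other groups.
    - name: Add keeper_user to arke group
      become: true
      ansible.builtin.user:
        name: "{{keeper_user}}"
        groups: "{{arke_group}}"
        append: true

    # Group membership only applies to new login sessions. Without dropping
    # the persistent SSH connection, the first run would still use the old
    # group set, so the ansible_common_remote_group hand-off would fail and
    # the world-readable fallback would be hit instead.
    - name: Reset connection so the new group membership applies to this session
      ansible.builtin.meta: reset_connection

    - name: Ensure required directories exist
      become: true
      ansible.builtin.file:
        path: "{{arke_directory}}"
        owner: "{{arke_user}}"
        group: "{{arke_group}}"
        state: directory
        mode: '750'

    # tar is needed by the unarchive task; acl provides setfacl, which is
    # Ansible's preferred way to pass temp files to become_user accounts.
    - name: Ensure tar and acl are installed
      become: true
      ansible.builtin.apt:
        name:
          - tar
          - acl
        state: present
        update_cache: true

    - name: Ensure Python, Python Dev, Venv module is installed
      become: true
      ansible.builtin.apt:
        name:
          - python3
          - python3-venv
          - python3-dev
        state: present
        update_cache: true

    # src is resolved on the controller: the release tarball is expected in
    # the controller user's ~/rel directory.
    - name: Transfer and unarchive git archive
      become: true
      ansible.builtin.unarchive:
        src: "~/rel/arke_{{arke_rel}}.tar"
        dest: "{{arke_directory}}"
        owner: "{{arke_user}}"
        group: "{{arke_group}}"
        mode: '550'
      notify: restart arke

    # The unpacked tree is read-only (550); this directory must stay writable
    # for the service to drop generated images into it.
    - name: Ensure media directories are writable
      become: true
      ansible.builtin.file:
        path: "{{arke_directory}}/media/generated_images"
        owner: "{{arke_user}}"
        group: "{{arke_group}}"
        state: directory
        mode: '750'

    # `creates` makes this idempotent: skipped once the venv exists.
    - name: Create virtual environment for Arke
      become: true
      become_user: "{{arke_user}}"
      ansible.builtin.command:
        cmd: "python3 -m venv {{arke_directory}}/.venv/"
        creates: "{{arke_directory}}/.venv/bin/activate"

    - name: Install wheel in virtual environment
      become: true
      become_user: "{{arke_user}}"
      ansible.builtin.pip:
        name:
          - wheel
        state: latest
        virtualenv: "{{arke_directory}}/.venv"

    # `name: .` installs the project from its pyproject.toml in arke_directory.
    - name: Install pyproject.toml dependencies in virtualenv
      become: true
      become_user: "{{arke_user}}"
      ansible.builtin.pip:
        chdir: "{{arke_directory}}"
        name: .
        virtualenv: "{{arke_directory}}/.venv"
        virtualenv_command: python3 -m venv

    - name: Install Memcached
      become: true
      ansible.builtin.apt:
        name: memcached
        state: present
        update_cache: true

    - name: Ensure Memcached is running
      become: true
      ansible.builtin.service:
        name: memcached
        state: started
        enabled: true

    # 640 keeps the rendered configuration readable only by arke_user and
    # arke_group; presumably it carries credentials -- confirm before relaxing.
    - name: Template Arke .env configuration
      become: true
      ansible.builtin.template:
        src: .env.j2
        dest: "{{arke_directory}}/.env"
        owner: "{{arke_user}}"
        group: "{{arke_group}}"
        mode: '640'
      notify: restart arke

    - name: Template systemd service file
      become: true
      ansible.builtin.template:
        src: arke.service.j2
        dest: /etc/systemd/system/arke.service
        owner: root
        group: root
        mode: '644'
      notify: restart arke

    # daemon_reload picks up a freshly templated unit before enabling it.
    - name: Enable and start arke service
      become: true
      ansible.builtin.systemd:
        name: arke
        enabled: true
        state: started
        daemon_reload: true

    # NOTE(review): this reminder hard-codes port 8000 while the scrape
    # target below uses arke_port -- confirm the two agree.
    - name: Ensure Arke metrics endpoint is open to Prometheus (manual step if not using ufw)
      ansible.builtin.debug:
        msg: |
          Ensure the host's firewall allows inbound TCP on port 8000 from sao.helu.ca for Prometheus scraping.
          If using ufw:
            sudo ufw allow from <sao.helu.ca_ip> to any port 8000 proto tcp

    - name: Reminder - Update Prometheus scrape config on sao.helu.ca
      ansible.builtin.debug:
        msg: |
          Add the following job/target to your Prometheus configuration on sao.helu.ca:
            - job_name: 'arke'
              static_configs:
                - targets: ['<arke_host>:{{arke_port}}']

    # With status_code: 200 the uri module fails on any other status, and the
    # retries/until pair keeps polling while the service finishes starting.
    - name: Validate Arke health endpoints
      ansible.builtin.uri:
        url: "http://localhost:{{arke_port}}/health"
        status_code: 200
        return_content: true
      register: health_check
      retries: 5
      delay: 5
      until: health_check.status == 200

    - name: Validate Arke /metrics endpoint
      ansible.builtin.uri:
        url: "http://localhost:{{arke_port}}/metrics"
        status_code: 200
        return_content: false
      register: metrics_check
      retries: 5
      delay: 5
      until: metrics_check.status == 200

  handlers:
    # Notified by the unarchive and template tasks so a new release or
    # configuration is picked up by the running service.
    - name: restart arke
      become: true
      ansible.builtin.systemd:
        name: arke
        state: restarted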