From bc2a23c7e8c638b516c87f130f1e6ce079b22065 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Tue, 13 Feb 2024 16:27:11 +0200 Subject: radicle_node: install more Radicle, from deb, and configure CI Signed-off-by: Lars Wirzenius Sponsored-by: author --- roles/radicle_node/tasks/main.yml | 174 +++++++++++++++++++++++++++++++------- 1 file changed, 145 insertions(+), 29 deletions(-) diff --git a/roles/radicle_node/tasks/main.yml b/roles/radicle_node/tasks/main.yml index fb739d8..aefa4e7 100644 --- a/roles/radicle_node/tasks/main.yml +++ b/roles/radicle_node/tasks/main.yml @@ -27,11 +27,19 @@ # Rsync for backups. - rsync + # Web server for the web UI. + - caddy + + # Radicle components. + - radicle + - radicle-ci-broker + - radicle-native-ci + - name: "stop Radicle node if running" shell: | systemctl stop radicle-node || true -- name: "create directory for Radicle" +- name: "create directory for Radicle for the _rad user" file: state: directory path: /home/_rad/.radicle @@ -86,49 +94,38 @@ group: _rad mode: 0644 -- name: "install of upgrade Radicle using installer" - shell: | - # Can't use "set -o pipefail" here, because shell may not be - # bash. So we don't use a pipe from curl to bash, and download - # as one command and run script as a second command. If the - # download fails, the task fails. +# - name: "install of upgrade Radicle using installer" +# shell: | +# # Can't use "set -o pipefail" here, because shell may not be +# # bash. So we don't use a pipe from curl to bash, and download +# # as one command and run script as a second command. If the +# # download fails, the task fails. - curl -sSf https://radicle.xyz/install > radicle-install - install -m 0644 -o _rad -g _rad radicle-install /home/_rad/radicle-install - sudo -u _rad -i bash ./radicle-install +# curl -sSf https://radicle.xyz/install > radicle-install +# install -m 0644 -o _rad -g _rad radicle-install /home/_rad/radicle-install +# sudo -u _rad -i bash ./radicle-install - name: "install systemd unit for Radicle node" copy: content: | [Unit] - After=syslog.target network.target Description=Radicle Node + After=network.target network-online.target + Requires=network-online.target [Service] - Type=simple - ExecStart=/home/_rad/.radicle/bin/radicle-node --listen 0.0.0.0:8776 - Environment=RAD_HOME=/home/_rad/.radicle - KillMode=process - Restart=on-failure - RestartSec=1 User=_rad Group=_rad + ExecStart=/usr/bin/radicle-node --listen 0.0.0.0:8776 --force + Environment=RAD_HOME=/home/_rad/.radicle RUST_BACKTRACE=1 RUST_LOG=info + KillMode=process + Restart=always + RestartSec=3 [Install] - WantedBy=default.target + WantedBy=multi-user.target dest: /lib/systemd/system/radicle-node.service -# # Ansible does not seem to always actually start the unit, so do -# # it manually. This seems to only happen on the first run on a -# # freshly created host. -# - name: "actually start node" -# shell: | -# systemctl restart radicle-node -# if [ "$(systemctl is-active radicle-node)" != active ]; then -# systemctl status radicle-node -# false -# fi - - name: "install script to add nodes to connect to the Radicle config file" when: radicle_node_connections is defined copy: @@ -189,3 +186,122 @@ rad seed "{{ item.rid }}" EOF sudo -u _rad bash -ex /tmp/seed.sh + +- name: "install Caddy configuation file" + template: + src: Caddyfile.j2 + dest: /etc/caddy/Caddyfile + +- name: "create directory for CI logs" + file: + state: directory + path: /srv/http + owner: _rad + group: _rad + +- name: "restart Caddy" + systemd: + name: caddy + state: restarted + masked: no + enabled: yes + daemon_reload: yes + +- name: "install systemd unit for Radicle HTTPD" + copy: + content: | + [Unit] + Description=Radicle HTTP Daemon + After=network.target network-online.target + Requires=network-online.target + + [Service] + User=_rad + Group=_rad + ExecStart=/usr/bin/radicle-httpd --listen 127.0.0.1:8080 + Environment=RAD_HOME=/home/_rad/.radicle RUST_BACKTRACE=1 RUST_LOG=info + KillMode=process + Restart=always + RestartSec=1 + + [Install] + WantedBy=multi-user.target + dest: /lib/systemd/system/radicle-httpd.service + +- name: "enable systemd unit for Radicle HTTPD" + systemd: + name: radicle-httpd + state: restarted + masked: no + enabled: yes + daemon_reload: yes + +- name: "install Radicle CI broker config" + copy: + content: | + default_adapter: native + adapters: + native: + command: /home/bin/radicle-native-ci + env: + RADICLE_NATIVE_CI: /home/_rad/native-ci.yaml + filters: + - !Or + - !And + - !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" + - !AnyPatch + - !And + - !Repository "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" + - !AnyPatch + dest: /home/_rad/ci-broker.yaml + owner: _rad + group: _rad + mode: 0644 + +- name: "create state directory for Radicle native CI" + file: + state: directory + path: /home/_rad/native-ci.state + owner: _rad + group: _rad + mode: 0755 + +- name: "install Radicle native CI config" + copy: + content: | + state: /srv/http + log: /home/_rad/native-ci.log + dest: /home/_rad/native-ci.yaml + owner: _rad + group: _rad + mode: 0644 + +- name: "install systemd unit for Radicle CI broker" + copy: + content: | + [Unit] + After=radicle-node.service + Description=Radicle CI broker + + [Service] + Type=simple + Environment=RAD_HOME=/home/liw/.radicle + Environment=PATH=/bin:/usr/bin:/sbin:/usr/sbin + ExecStart=bash -c 'ci-broker /home/_rad/ci-broker.yaml >> /srv/http/broker.log' + KillMode=process + Restart=always + RestartSec=1 + User=_rad + Group=_rad + + [Install] + WantedBy=default.target + dest: /lib/systemd/system/radicle-ci-broker.service + +- name: "enable systemd unit for Radicle CI broker" + systemd: + name: radicle-ci-broker + state: restarted + masked: no + enabled: yes + daemon_reload: yes -- cgit v1.2.1