Feature/add docker to ansible provisioning

.gitignore

@@ -1,13 +1,8 @@
 nodeAPI
-
+**/__pycache__/
 # Created by https://www.gitignore.io/api/go,code,linux,macos,windows,eclipse,jetbrains
 # Edit at https://www.gitignore.io/?templates=go,code,linux,macos,windows,eclipse,jetbrains
 
-### Build Artifacts & Generated Stuff ###
-fenrir
-deployment/e2e-k8s-job/*.yaml
-venv
-
 ### Code ###
 .vscode/*
 # !.vscode/settings.json

CHANGELOG.md

@@ -6,7 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 ### Added
-* ansible playbook that provisions a cron-job that runs every midnight and should trigger aggregator
-and routines
+* ansible playbook that provisions a cron-job that runs every midnight and should trigger aggregator and routines
+* ansible role to install docker and docker-compose
 
 [Unreleased]: https://github.com/maxisses/Covid-19API/compare/feature/add-aggregation-cron-job?expand=1

ansible/README.md

@@ -8,7 +8,12 @@ In the command line run
 ```shell
 ansible-playbook playbook.yaml
 ```
-to get everything set up.
+to get everything set up. That is:
+* create a cron job
+* install docker (if not installed)
+* install python3 (if not installed) and necessary packages
+* run the `flaskAPIwDocker` in a docker container
+* Profit! ;)
 
 You can specify user, remote IP, host-key check, etc. optionally, like this:
 ```shell
@@ -17,12 +22,44 @@ ansible-playbook \
 --key-file  ~/.ssh/<key-file>.pem \ # provide SSH key
 --ssh-common-args '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' \ # skip host key checking
 -i <inventory-file> \ # use different inventory file
+-b \ # become
 -vvvv \ # very verbose
 playbook.yaml 
 ```
 
+**Note**, that the setup is designed to run on an Ubuntu Linux with user `ubuntu` since ansible tasks
+are using apt only (this may change in future versions). The provisioning can easily be adapted by
+changing all fields with `CHANGE` mentions.
+
 ## Test
 For testing, within the specific role, execute:
 ```shell
-molecule converge # --debug optionally
+molecule converge [--debug]
+```
+
+## Example Using AWS EC2 Instance
+### Prerequisites
+* AWS Account
+* ansible is installed on your local system
+
+### Next Steps
+* in the AWS console, create an EC2 instance with public IP and SSH keypair
+  * copy the private key and change permissions to "read only" (`400`)
+  * note the public IP of the EC2 instance 
+* modify the `./ansible/inventory` file to use your IP
+* from local, run:
+```shell script
+ansible-playbook \
+-u ubuntu \
+--key-file <path-to-key-file>.pem \
+--ssh-common-args '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' \
+-i <inventory-file> \
+-b \
+-vvvv \
+./ansible/playbook.yaml 
+```
+* wait a few minutes
+After that, you can access the API via `<publicIP>:5000/<endpoint>`, e.g.,
+```shell script
+curl 35.180.191.100:5000/get_total_cases
 ```

ansible/inventory

@@ -1,2 +1,4 @@
-[targets]
-localhost ansible_connection=local
+[remote]
+35.180.178.217 # CHANGE
+[local]
+localhost ansible_connection=local

ansible/playbook.yaml

@@ -1,6 +1,8 @@
 ---
 - hosts: all
-  remote_user: user #TODO
+  remote_user: ubuntu # CHANGE
   become_user: root
   roles:
-    - role: cron-job
+    - role: cron-job
+    - role: geerlingguy.docker
+    - role: flask-api

ansible/roles/cron-job/tasks/main.yaml

@@ -4,7 +4,7 @@
     src: ../../../../fillDatabase/aggregate.py
     dest: "{{ project_remote_dir }}"
     owner: ubuntu # CHANGE
-    mode: '0644'
+    mode: '0755'
 
 - name: Install cron
   become: yes
@@ -18,4 +18,4 @@
     name: "Aggregate case data"
     minute: 0
     hour: 0
-    job: "{{ aggregator_command }} > /dev/null 2>&1"
+    job: "{{ aggregator_command }} > /dev/null 2>&1"

ansible/roles/flask-api/defaults/main.yaml

@@ -0,0 +1,4 @@
+---
+project_remote_dir: /home/ubuntu # CHANGE
+api_image_name: flaskapiwdocker_web_1
+postgres_image_name: flaskapiwdocker_postgresql_1

ansible/roles/flask-api/tasks/main.yaml

@@ -0,0 +1,56 @@
+---
+- name: Perform Pre-Installation Tasks
+  include_tasks: prerequisites.yaml
+
+- name: Tear down existing services
+  docker_compose:
+    project_src: "{{ project_remote_dir }}/flaskAPIwDocker"
+    state: absent
+
+- name: Create and start services
+  docker_compose:
+    project_src: flaskAPIwDocker
+  register: output
+
+- debug:
+    var: output
+
+- name: Run `docker-compose up` again
+  docker_compose:
+    project_src: "{{ project_remote_dir }}/flaskAPIwDocker"
+    build: no
+  register: output
+
+- debug:
+    var: output
+
+- assert:
+    that: "not output.changed "
+
+- name: Stop all services
+  docker_compose:
+    project_src: "{{ project_remote_dir }}/flaskAPIwDocker"
+    build: no
+    stopped: yes
+  register: output
+
+- debug:
+    var: output
+
+- assert:
+    that:
+      - "not web.{{ api_image_name }}.state.running"
+
+- name: Restart all services
+  docker_compose:
+    project_src: "{{ project_remote_dir }}/flaskAPIwDocker"
+    build: no
+    restarted: yes
+  register: output
+
+- debug:
+    var: output
+
+- assert:
+    that:
+      - "web.{{ api_image_name }}.state.running"

ansible/roles/flask-api/tasks/prerequisites.yaml

@@ -0,0 +1,21 @@
+---
+- name: Install Python plus utility packages
+  become: yes
+  apt:
+    name:
+      - python3-pip
+      - python3-virtualenv
+      - python3-dev
+      - virtualenv
+      - python3-docker
+
+- name: "Install Python3 docker compose"
+  pip:
+    name: docker-compose
+
+- name: "Copy API project directory to remote host's home"
+  copy:
+    src: ../../../../flaskAPIwDocker
+    dest: "{{ project_remote_dir }}"
+    owner: ubuntu # CHANGE
+    mode: '0644'

ansible/roles/geerlingguy.docker/.ansible-lint

@@ -0,0 +1,2 @@
+skip_list:
+  - '306'

ansible/roles/geerlingguy.docker/.github/FUNDING.yml

@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+---
+github: geerlingguy
+patreon: geerlingguy

ansible/roles/geerlingguy.docker/.github/stale.yml

@@ -0,0 +1,56 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 90
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 30
+
+# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
+onlyLabels: []
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - pinned
+  - security
+  - planned
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: false
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: false
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: false
+
+# Label to use when marking as stale
+staleLabel: stale
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30
+
+pulls:
+  markComment: |-
+    This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
+
+    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
+
+  unmarkComment: >-
+    This pull request is no longer marked for closure.
+
+  closeComment: >-
+    This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
+
+issues:
+  markComment: |-
+    This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+
+    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+
+  unmarkComment: >-
+    This issue is no longer marked for closure.
+
+  closeComment: >-
+    This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

ansible/roles/geerlingguy.docker/.gitignore

@@ -0,0 +1,3 @@
+*.retry
+*/__pycache__
+*.pyc

ansible/roles/geerlingguy.docker/.travis.yml

@@ -0,0 +1,31 @@
+---
+language: python
+services: docker
+
+env:
+  global:
+    - ROLE_NAME: docker
+  matrix:
+    - MOLECULE_DISTRO: centos8
+    - MOLECULE_DISTRO: centos7
+    - MOLECULE_DISTRO: ubuntu1804
+    - MOLECULE_DISTRO: ubuntu1604
+    - MOLECULE_DISTRO: debian10
+    - MOLECULE_DISTRO: debian9
+
+install:
+  # Install test dependencies.
+  - pip install molecule yamllint ansible-lint docker
+
+before_script:
+  # Use actual Ansible Galaxy role name for the project directory.
+  - cd ../
+  - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
+  - cd geerlingguy.$ROLE_NAME
+
+script:
+  # Run tests.
+  - molecule test
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

ansible/roles/geerlingguy.docker/.yamllint

@@ -0,0 +1,6 @@
+---
+extends: default
+rules:
+  line-length:
+    max: 200
+    level: warning

ansible/roles/geerlingguy.docker/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.